]> git.koha-community.org Git - koha.git/commit
Bug 11322: fix XSS bug in purchase suggestions pages
authorChris Cormack <chrisc@catalyst.net.nz>
Mon, 2 Dec 2013 22:34:48 +0000 (11:34 +1300)
committerTomas Cohen Arazi <tomascohen@gmail.com>
Tue, 17 Dec 2013 18:49:23 +0000 (15:49 -0300)
commitefe589d54a5ca3f5e7321f1a49e458f6a76d8e82
tree34d55f33b620794fda663264a74112ea693f4d54
parent0b25d8254b8d9a4c915076fa693194046842442e
Bug 11322: fix XSS bug in purchase suggestions pages

To test
1/ Switch on purchase suggestions
2/ On the public interface (OPAC) add a suggestion, put html in every
field
3/ In the staff interface go to the suggestions page
/cgi-bin/koha/suggestion/suggestion.pl
4/ Notice the html is rendered
5/ Click on a suggestion, notice the html is rendered on the show page
also
6/ Apply the patch, check these two pages again, html should now be
escaped

Signed-off-by: David Cook <dcook@prosentient.com.au>
Works as described.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests, thx Chris!

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
(cherry picked from commit 368068c71597eaf61e4f9cc154002ea92dfd16c3)
Signed-off-by: Fridolin SOMERS <fridolin.somers@biblibre.com>
(cherry picked from commit f8278987e3e1bac23e968417728a821faa22aa57)
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
koha-tmpl/intranet-tmpl/prog/en/modules/suggestion/suggestion.tt