From 8c3da351307be664a879148ce4ca9215ca1c2da7 Mon Sep 17 00:00:00 2001 From: Amit Gupta Date: Fri, 4 Aug 2017 09:44:52 +0530 Subject: [PATCH] Bug 19033: XSS Flaws in Currencies and exchange page 1. Hit /cgi-bin/koha/admin/currency.pl 2. Enter search currencies box. 3. Notice the iframe is executed 4. Apply patch 5. Reload page, and enter iframe again on search currencies box. 6. Notice it is no longer executed Signed-off-by: Tomas Cohen Arazi Fixes the issue, follows common practice on the codebase. Signed-off-by: Jonathan Druart --- koha-tmpl/intranet-tmpl/prog/en/modules/admin/currency.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/currency.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/currency.tt index 9b7e1062b4..d7285b8cf1 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/currency.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/currency.tt @@ -198,7 +198,7 @@ [% END %] [% IF searchfield %] - You searched for [% searchfield %] + You searched for [% searchfield |html %] [% END %] -- 2.39.5
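Review bot: In the `[% IF searchfield %]` block of currency.tt (hunk at line 198), only this one echo of `searchfield` gains the `|html` filter, and the diffstat shows a single changed line, so any other place in the template that outputs `searchfield` would still render it unescaped. Please search currency.tt for every `[% searchfield` occurrence and confirm each is filtered, or say in the commit message that this is the only output. The test plan would also be easier to reproduce if steps 2 and 5 stated the exact string entered in the search box and step 6 stated the expected result, namely that the input appears as literal text after "You searched for".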