Bug 13425 - XSS in opac facets - Patch for 3.16
author Chris Cormack <chrisc@catalyst.net.nz>
Tue, 9 Dec 2014 23:47:30 +0000 (12:47 +1300)
committer Mason James <mtj@kohaaloha.com>
Thu, 11 Dec 2014 10:28:17 +0000 (23:28 +1300)
commit b79058ac1505f4c13dad698bc137c15981f80717
tree c011e34de7c33ff7d63fe4121b7d406c0fca3cda
parent a0d5a70de5d5f9f11f7e480afc22c8c3632fcd1b
Bug 13425 - XSS in opac facets - Patch for 3.16

To Test
1/ Craft a URL like /cgi-bin/koha/opac-search.pl?q=123&sort_by='"><script>prompt('Happy_Holidays')</script>&limit=123

It is important that it returns results and facets.

2/ Notice the JS is executed
3/ Apply the patch, test again

Test this one both in prog and bootstrap please

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
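The bug above comes from re-emitting the incoming search parameters (q, sort_by, limit) into each facet link without encoding them for the context they land in. The following is an added example, not Koha's code and not the patch itself: it contrasts the raw-interpolation pattern with a version that URL-encodes each query component and then HTML-escapes the attribute, using the payload from the test plan as input. The function names, the facet values and the exact link layout are assumptions made for this illustration.

```python
"""Added example (not Koha's own code): building OPAC-style facet links safely.

Facet links carry the current query, sort_by and limit values so that clicking
a facet keeps the search context. Interpolating those values raw lets a crafted
sort_by value close the href attribute and inject markup; encoding for the URL
and then for the HTML attribute keeps the value inert.
"""
import html
from urllib.parse import urlencode

# Constructed sample: the query-string parameters a user arrived with, using the
# sort_by payload from the bug's test plan verbatim.
PARAMS = {
    "q": "123",
    "sort_by": "'\"><script>prompt('Happy_Holidays')</script>",
    "limit": "123",
}

# Constructed facet entries (field code, display value); names are assumptions.
FACETS = [("au", "Cormack, Chris"), ("itype", "BK")]


def facet_links_unsafe(params, facets):
    """'Before' pattern: user input is pasted straight into the href attribute."""
    links = []
    for field, value in facets:
        href = (f"/cgi-bin/koha/opac-search.pl?q={params['q']}"
                f"&sort_by={params['sort_by']}&limit={params['limit']}"
                f"&limit={field}:{value}")
        links.append(f'<a href="{href}">{value}</a>')
    return links


def facet_links_safe(params, facets):
    """Hardened pattern: percent-encode every query component, then HTML-escape
    both the attribute value and the visible link text."""
    links = []
    for field, value in facets:
        query = urlencode({
            "q": params["q"],
            "sort_by": params["sort_by"],
            "limit": [params["limit"], f"{field}:{value}"],
        }, doseq=True)
        href = html.escape(f"/cgi-bin/koha/opac-search.pl?{query}", quote=True)
        links.append(f'<a href="{href}">{html.escape(value)}</a>')
    return links


def contains_raw_tag(markup):
    """Simple check for a rendered fragment: does a literal <script tag survive?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    for link in facet_links_unsafe(PARAMS, FACETS):
        print("unsafe:", link, "| raw tag:", contains_raw_tag(link))
    for link in facet_links_safe(PARAMS, FACETS):
        print("safe:  ", link, "| raw tag:", contains_raw_tag(link))
```

The point of the two-stage encoding is that each layer is escaped for its own parser: percent-encoding makes the value a valid URL component, and HTML-escaping makes the whole URL a valid attribute value, so the browser never sees an unbalanced quote or an angle bracket. In a Template Toolkit include the same idea is applied by filtering the value at the point of output rather than trusting it to be clean on arrival.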
koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-facets.inc
koha-tmpl/opac-tmpl/prog/en/includes/opac-facets.inc