Bug 19127: Fix Stored XSS in csv-profiles.pl
author    Amit Gupta <amit.gupta@informaticsglobal.com>
          Wed, 16 Aug 2017 12:26:17 +0000 (17:56 +0530)
committer Jonathan Druart <jonathan.druart@bugs.koha-community.org>
          Fri, 29 Sep 2017 15:20:51 +0000 (12:20 -0300)
commit    b90662073ff99d25e0f32156924f79981f9d5707
tree      5a8e2c6c0d454d52b7f3e925ef29ce486b228fb4
parent    914577fdb788b70fdb0979a6ea88ca10e3345796
Bug 19127: Fix Stored XSS in csv-profiles.pl

To Test
1. Hit the page /cgi-bin/koha/tools/csv-profiles.pl?op=add_form
2. Add text that contains JS in the fields Profile name,
   Profile description and Profile MARC fields
3. Save the page.
4. Notice the JS is executed.
5. Apply the patch and reload; the JS is escaped.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/modules/tools/csv-profiles.tt
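The test plan above describes stored XSS in the CSV profile form: field values saved by the user are later written back into the csv-profiles.tt template and rendered by the browser. The following Perl script is an added example and not code from this commit or from Koha; it assumes (as the page does not show the diff) that the fix is to pass the profile fields through Template Toolkit's `html` filter, and it renders a constructed profile record both without and with that filter so the difference in the produced markup can be inspected. The `render` helper, the template strings and the sample values are all invented for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;   # Template Toolkit, the engine Koha's .tt files use

# Constructed sample: a CSV profile whose user-supplied fields carry markup.
# Real values would come from the csv-profiles.pl form and the database.
my $profile = {
    profile     => 'monthly<script>alert(1)</script>',
    description => 'export" onmouseover="alert(2)',
    content     => '245$a|<img src=x onerror=alert(3)>',
};

# Without a filter the stored value is inserted verbatim into the page.
my $unescaped_tmpl = join "\n",
    '<td>[% p.profile %]</td>',
    '<input name="description" value="[% p.description %]">',
    '<textarea name="content">[% p.content %]</textarea>';

# With the html filter, & < > and " become entities, so the browser shows
# the text instead of interpreting it as tags or attributes.
my $escaped_tmpl = join "\n",
    '<td>[% p.profile | html %]</td>',
    '<input name="description" value="[% p.description | html %]">',
    '<textarea name="content">[% p.content | html %]</textarea>';

# Render a template string with the given variables and return the output.
sub render {
    my ($tmpl, $vars) = @_;
    my $tt  = Template->new() or die Template->error();
    my $out = '';
    $tt->process(\$tmpl, $vars, \$out) or die $tt->error();
    return $out;
}

# A simple check a reviewer could run: no raw '<' or '"' from the
# user-controlled values may survive in the escaped rendering.
sub contains_raw_markup {
    my ($html) = @_;
    return $html =~ /<script|onmouseover=|onerror=/ ? 1 : 0;
}

my $unsafe = render($unescaped_tmpl, { p => $profile });
my $safe   = render($escaped_tmpl,   { p => $profile });

print "--- unescaped (vulnerable) ---\n$unsafe\n";
print "--- escaped (fixed) ---\n$safe\n";
print "raw markup in unescaped output: ", contains_raw_markup($unsafe), "\n";
print "raw markup in escaped output:   ", contains_raw_markup($safe),   "\n";
```

Run it with `perl escape-demo.pl` on a host with the Template module installed. The escaped rendering shows the script and event-handler fragments as `&lt;script&gt;` and `&quot; onmouseover=&quot;`, which is the behaviour step 5 of the test plan expects after the patch is applied.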