Bug 19108: Fix Stored XSS in items_search_fields.pl
author Amit Gupta <amit.gupta@informaticsglobal.com>
Tue, 15 Aug 2017 08:19:10 +0000 (13:49 +0530)
committer Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Fri, 29 Sep 2017 15:20:50 +0000 (12:20 -0300)
commit bfbba2339f3c39fcf19ec1b12585f15f9ea68993
tree 5eb3da83dac4eb4faef0736f2308673291f01b5f
parent d1aa11c51c0b7312ea08327b57b4adb04f3c7c48
Bug 19108: Fix Stored XSS in items_search_fields.pl

To Test
1. Hit the page /cgi-bin/koha/admin/items_search_fields.pl
2. Add a text in the field Name and Label that contains js
3. Save the page.
4. Notice js is executed
5. Apply patch and reload, the js is escaped

Fixed for new and edit page

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/includes/admin-items-search-field-form.inc
koha-tmpl/intranet-tmpl/prog/en/modules/admin/items_search_field.tt
koha-tmpl/intranet-tmpl/prog/en/modules/admin/items_search_fields.tt
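
The escaping that the commit message describes, as an added example that is not Koha's code or this commit's diff: a Template Toolkit fragment rendered with and without the `html` filter, plus a check that can serve as a regression test. The template fragments, the `field.name` / `field.label` variables and the sample values are constructed for illustration, and the example assumes the fix is an output filter in the listed templates, which this page does not show.

```perl
#!/usr/bin/perl
# Added example, not Koha code. Fragments and variable names are hypothetical.
use strict;
use warnings;
use Template;

# Constructed sample record standing in for a stored search field whose
# Name and Label were saved with markup in them.
my $field = {
    name  => 'f1"><script>alert(1)</script>',
    label => '<script>alert(2)</script>',
};

# Hypothetical fragments: a list-page table cell and an edit-form input.
my %templates = (
    unescaped => '<td>[% field.label %]</td>'
               . '<input name="name" value="[% field.name %]" />',
    escaped   => '<td>[% field.label | html %]</td>'
               . '<input name="name" value="[% field.name | html %]" />',
);

my $tt = Template->new() or die Template->error();

# Render one of the fragments with the stored record.
sub render {
    my ($which) = @_;
    my $out = '';
    $tt->process( \$templates{$which}, { field => $field }, \$out )
        or die $tt->error();
    return $out;
}

# Regression check: the stored value must not reach the page as a live tag.
# The html filter rewrites & < > " so neither the element body nor the
# double-quoted attribute can be broken out of.
sub has_live_script {
    my ($html) = @_;
    return $html =~ /<script\b/i ? 1 : 0;
}

for my $which (qw(unescaped escaped)) {
    my $html = render($which);
    printf "%-9s live script tag: %s\n  %s\n",
        $which, ( has_live_script($html) ? 'yes' : 'no' ), $html;
}
```

Template Toolkit's `html` filter does not encode single quotes, so attributes that carry stored values need to stay double-quoted for this escaping to hold.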