From 48af13bd1a0eff3162d5e8edb867a701e233e5da Mon Sep 17 00:00:00 2001
From: Chris
Date: Sun, 21 Jun 2015 09:01:32 +0000
Subject: [PATCH] Bug 14423 : XSS bugs in catalogue search
To test 1/ hit a url like http://localhost:8081/cgi-bin/koha/catalogue/search.pl?limit=%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E 2/ Notice alert boxes 3/ Apply patch 4/ Reload url, no alerts 5/ Check search still works
Signed-off-by: Jonathan Druart
Signed-off-by: Katrin Fischer
Signed-off-by: Chris Cormack
---
.../intranet-tmpl/prog/en/modules/catalogue/results.tt | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt
index 9660bb4634..4b1c94b887 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt
@@ -259,7 +259,7 @@ var holdForPatron = function () {
@@ -304,7 +304,7 @@ var holdForPatron = function () {

- [% total %] result(s) found [% IF ( query_desc ) %]for '[% query_desc |html %]'[% END %][% IF ( limit_desc ) %] with limit(s): '[% limit_desc %]'[% END %][% IF ( LibraryName ) %] in [% LibraryName %] Catalog[% END %].
  + [% total %] result(s) found [% IF ( query_desc ) %]for '[% query_desc |html %]'[% END %][% IF limit_desc %] with limit(s): '[% limit_desc | html %]'[% END %][% IF ( LibraryName ) %] in [% LibraryName %] Catalog[% END %].