git.koha-community.org Git - koha.git/commit
Bug 19125 - XSS - members.pl
author Katrin Fischer <katrin.fischer.83@web.de>
Wed, 16 Aug 2017 10:05:50 +0000 (12:05 +0200)
committer Mason James <mtj@kohaaloha.com>
Wed, 20 Sep 2017 03:13:01 +0000 (15:13 +1200)
commit c127306b540cc0ee7cda9f7b14cd2c9bb47b99a1
tree 1ae1227ed7ffed622084d4d2ee3dd111bb7d64f3
parent 5caf641f7ddfe4d0b924e37dae2d799bdd6f3d8f
Bug 19125 - XSS - members.pl

In preparation to test this patch:
- Add a patron list named <script>alert("patron list")</script>
- Add a library named <script>alert("library")</script>
- Add a patron category named <script>alert("patron category")</script>

To test:
- Access patron search page and do a search
- Verify that the alerts added above are executed
- Apply patch
- Verify that no alerts are displayed

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/intranet-tmpl/prog/en/includes/patron-search.inc
koha-tmpl/intranet-tmpl/prog/en/includes/patron-toolbar.inc
koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt