git.koha-community.org Git - koha.git/commit

Bug 17029: Fix XSS in catalogue/*detail.pl

Hit
  /cgi-bin/koha/catalogue/detail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>
  /cgi-bin/koha/catalogue/ISBDdetail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>
  /cgi-bin/koha/catalogue/MARCdetail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>
  /cgi-bin/koha/catalogue/moredetail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>
  /cgi-bin/koha/catalogue/labeledMARCdetail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit f3a8e5a4117a0e95969ff2856dfcd95a6935ec55)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

author	Jonathan Druart <jonathan.druart@bugs.koha-community.org>
	Tue, 2 Aug 2016 14:46:06 +0000 (15:46 +0100)
committer	Frédéric Demians <f.demians@tamil.fr>
	Tue, 23 Aug 2016 09:35:38 +0000 (11:35 +0200)
commit	990aca1cb7548bcead783f40661acb156952d09a
tree	6a6aa53259a647df78b5b1997c0a97f55af2ceda	tree \| snapshot
parent	f0e08942d79caca7a47dc6bdb8f7ea01a83c5333	commit \| diff

catalogue/ISBDdetail.pl		diff \| blob \| history
catalogue/MARCdetail.pl		diff \| blob \| history
catalogue/detail.pl		diff \| blob \| history
catalogue/labeledMARCdetail.pl		diff \| blob \| history
catalogue/moredetail.pl		diff \| blob \| history