From 6bdc17da42b62d351593540577a06a6827be94ff Mon Sep 17 00:00:00 2001
From: Amit Gupta
Date: Tue, 15 Aug 2017 19:51:48 +0530
Subject: [PATCH] Bug 19112 - Stored XSS in basketheader.pl page
To Test 1. Hit the page /cgi-bin/koha/acqui/basketheader.pl?booksellerid=1&op=add_form 2. Add a text in the field Basket name, Internal note, Vendor note that contains java script 3. Save the page 4. Notice js is execute 5. Apply patch, reload, js is escaped. Fixed XSS on pages basket.pl/basketheader.pl/bookseller.pl
Signed-off-by: Katrin Fischer
Signed-off-by: Marcel de Rooy
Signed-off-by: Jonathan Druart
(cherry picked from commit 65c7b505ee56f088f3c475595e53fbe53a77d4a2)
Signed-off-by: Fridolin Somers
---
 koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt | 4 ++--
 .../intranet-tmpl/prog/en/modules/acqui/basketheader.tt | 8 ++++----
 .../intranet-tmpl/prog/en/modules/acqui/booksellers.tt | 2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt
index 75603e1f42..fecb0880e7 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt
@@ -334,8 +334,8 @@
    - [% IF ( basketnote ) %]
  1. Internal note: [% basketnote %]
  2. [% END %] - [% IF ( basketbooksellernote ) %]
  3. Vendor note: [% basketbooksellernote %]
  4. [% END %] + [% IF ( basketnote ) %]
  5. Internal note: [% basketnote |html %]
  6. [% END %] + [% IF ( basketbooksellernote ) %]
  7. Vendor note: [% basketbooksellernote |html %]
  8. [% END %] [% IF ( basketcontractno ) %]
  9. Contract name: [% basketcontractname %]
10. [% END %]
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basketheader.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basketheader.tt
index 5cc8cc7982..b3be24135a 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basketheader.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basketheader.tt
@@ -19,7 +19,7 @@ Acquisitions[% booksellername %] › [% IF ( add_form ) %] - [% IF ( basketno ) %]Edit basket '[% basketname %]' + [% IF ( basketno ) %]Edit basket '[% basketname |html %]' [% ELSE %]Add a basket to [% booksellername %] [% END %] [% END %]
@@ -32,7 +32,7 @@ [% IF ( add_form ) %] [% IF ( basketno ) %] -
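Review bot: On the new side of the basket.tt hunk the Contract name line, `Contract name: [% basketcontractname %]`, is still rendered without the `html` filter while the two note fields immediately above it now carry `|html`; for the fix to be complete within this block it should read `Contract name: [% basketcontractname |html %]`, assuming the contract name is staff-entered data like the notes (the hunk does not show its source). The same gap appears in basketheader.tt: the title hunk at -19 and the heading hunk at -32 escape `basketname` but leave `[% booksellername %]` unfiltered on the adjacent `Add a basket to [% booksellername %]` lines, and the vendor name is a stored, editable value of the same kind this bug report is about. Escaping every interpolated field in these blocks uniformly, rather than only the ones named in the test plan, avoids leaving sibling output sinks behind.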

    Edit basket [% basketname %]

    +

    Edit basket [% basketname |html %]

    [% ELSE %]

    Add a basket to [% booksellername %]

    [% END %]
    @@ -78,11 +78,11 @@
  11.   - +
  12.   - +
  13. [% IF ( contractloop ) %]
14.
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt
index e9f44dcaec..e8acf39696 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt
@@ -142,7 +142,7 @@ $(document).ready(function() { [% END %] [% basket.basketno %] - [% basket.basketname %] + [% basket.basketname |html %] [% basket.total_items %] [% IF basket.total_items_cancelled %]
--
2.39.5