From 01038a03d49b42beefe480906ab1b7c9547f3f51 Mon Sep 17 00:00:00 2001
From: Chris Cormack <chrisc@catalyst.net.nz>
Date: Fri, 19 Jun 2015 11:30:22 +1200
Subject: [PATCH] Bug 14418 : XSS flaw in opac-shelves.pl

To test:
1/ Create a list and add at least one item to it
2/ Hit a url like http://192.168.2.18/cgi-bin/koha/opac-shelves.pl?viewshelf=7&sort=author&direction=%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
  Where the shelf id is the number of the list you created, notice the js is executed
3/ Apply the patch
4/ Reload the page notice the js is now escaped

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
---
 koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt
index 03d18ba273..6bdf174542 100644
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt
@@ -162,7 +162,7 @@
                                         <span class="sendlist"><a href="/cgi-bin/koha/opac-sendshelf.pl?shelfid=[% shelfnumber | html %]" class="send" onclick="open('/cgi-bin/koha/opac-sendshelf.pl?shelfid=[% shelfnumber | html %]','win_form','scrollbars=no,resizable=no,height=300,width=450,top=50,left=100'); return false; ">Send list</a></span>
                                     [% END %]
 
-                                    <a class="print-small" href="/cgi-bin/koha/opac-shelves.pl" onclick="print(); return false;">Print list</a>
+                                    <a class="print-small" target="_blank" href="/cgi-bin/koha/opac-shelves.pl?viewshelf=[% shelfnumber %]&sort=[% sort %]&direction=[% direction |uri %]&print=1">Print list</a>
 
                                     [% IF ( manageshelf ) %]
                                         <span class="sep">|</span>
-- 
2.39.5