From d87b8a5cf3458492c67c424b3f811ac0085599f0 Mon Sep 17 00:00:00 2001
From: Chris
Date: Sun, 21 Jun 2015 09:20:51 +0000
Subject: [PATCH] Bug 14423: Multiple XSS vulnerabilities in serials-search
To test 1/ Hit a url like http://localhost:8081/cgi-bin/koha/serials/serials-search.pl?bookseller_filter=%22%22%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&searched=1&title_filter= 2/ Notice alert boxes 3/ Apply patch 4/ Reload, notice fixed Repeat for callnumber_filter EAN_filter ISSN_filter publisher_filter title_filter
Signed-off-by: Jonathan Druart
Signed-off-by: Katrin Fischer
Signed-off-by: Tomas Cohen Arazi
---
 .../prog/en/modules/serials/serials-search.tt | 26 +++++++++----------
 1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/serials/serials-search.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/serials/serials-search.tt
index ae1484d0d1..3b97849d93 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/serials/serials-search.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/serials/serials-search.tt
@@ -60,29 +60,29 @@
  1. - +
  2. - +
  3. [% IF ( marcflavour == "UNIMARC" ) %]
  4. - +
  5. [% END %]
  6. - +
  7. - +
  8. - +
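Review bot: The six inputs changed here are changed again, line for line, in the hunk at @@ -337,29 (same `[% IF ( marcflavour == "UNIMARC" ) %]` conditional, same six `-`/`+` pairs), so this search form is duplicated in the template and an escaping fix has to be repeated in both copies — this commit does that, but a later edit to one copy can silently reintroduce the issue in the other. Moving the form into a single `[% BLOCK serials_search_form %]` … `[% END %]` that both places render with `[% PROCESS serials_search_form %]` would leave one set of inputs to keep escaped. The input markup itself has been dropped from this rendering, so which filter each value now carries is not verifiable from these lines; the description's test plan implies the six *_filter values are HTML-escaped.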
  9. @@ -294,7 +294,7 @@ [% IF ( routing && CAN_user_serials_routing ) %] [% UNLESS ( subscription.cannotedit ) %]
  10. - Reopen + Reopen
  11. [% END %] [% END # IF ( routing && CAN_user_serials_routing ) %] @@ -337,29 +337,29 @@
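Review bot: The Reopen link changed on the line above is not covered by the description's test plan, which lists only the six *_filter inputs; one sentence naming the value this link now escapes, plus a reproduction step for it, would let a reviewer verify it the way the others are verified. If that value is interpolated inside the link's href, the context is a URL query string, where Template Toolkit's `| uri` filter (percent-encoding) is the appropriate one — `| html` keeps the attribute intact, but the HTML parser decodes `&amp;` back to `&` before the URL is parsed, so query-string structure is not protected by it. The anchor markup has been stripped from this rendering, so which filter was applied here is not visible. The enclosing `[% IF ( routing && CAN_user_serials_routing ) %]` / `[% UNLESS ( subscription.cannotedit ) %]` blocks open in this hunk's context and are closed by the two `[% END %]` lines that follow.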
    1. - +
    2. - +
    3. [% IF ( marcflavour == "UNIMARC" ) %]
    4. - +
    5. [% END %]
    6. - +
    7. - +
    8. - +
    9. -- 2.39.5