git.koha-community.org Git - koha.git/commit

author	Kyle M Hall <kyle@bywatersolutions.com>
	Thu, 14 Sep 2017 15:52:08 +0000 (11:52 -0400)
committer	Fridolin Somers <fridolin.somers@biblibre.com>
	Sat, 23 Dec 2017 09:58:12 +0000 (10:58 +0100)
commit	ca6fb7be787355f4ec9fb88eb1c6f2c1f1f73b5a
tree	4d351b7fe33c4dd9c1ecdad59af403a7b020899d	tree \| snapshot
parent	28cd18c23eac8fa0307f91d3d4552a791f434d65	commit \| diff

Bug 19319: Reflected XSS Vulnerability in opac-MARCdetail.pl

Try going to this URL on your site: /cgi-bin/koha/opac-MARCdetail.pl?biblionumber=2"><TEST>

Test Plan:
1) Go to /cgi-bin/koha/opac-MARCdetail.pl?biblionumber=2"><TEST>
2) Note <TEST> is embedded all over the html
3) Apply this patch
4) Refresh the page, note the injection is gone!
5) run koha qa test tools

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit 617e87c59d0b270d424aa4f1977e3e95c019e0b5)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>

koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-detail-sidebar.inc		diff \| blob \| history
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-ISBDdetail.tt		diff \| blob \| history
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-MARCdetail.tt		diff \| blob \| history
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-detail.tt		diff \| blob \| history
opac/opac-ISBDdetail.pl		diff \| blob \| history
opac/opac-MARCdetail.pl		diff \| blob \| history
opac/opac-detail.pl		diff \| blob \| history