From f563ba795e4863328ff4930e7877caae9458206c Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Tue, 2 Aug 2016 14:32:46 +0100 Subject: [PATCH] Bug 17024: Fix XSS in tools/viewlog.pl Test plan: Hit /tools/viewlog.pl?do_it=1&modules=CATALOGUING&action=MODIFY&object= => Without this patch you will see the alert => With this patch, no more alert Signed-off-by: Chris Cormack Signed-off-by: Katrin Fischer Signed-off-by: Brendan Gallagher --- .../prog/en/includes/biblio-view-menu.inc | 20 +++++++++---------- .../prog/en/modules/tools/viewlog.tt | 16 +++++++-------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/biblio-view-menu.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/biblio-view-menu.inc index 4258aa3634..76c52f8010 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/biblio-view-menu.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/biblio-view-menu.inc @@ -3,36 +3,36 @@ diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/viewlog.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/viewlog.tt index d5f616ba3b..472d87c6c3 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/viewlog.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/viewlog.tt @@ -69,12 +69,12 @@ [% IF ( do_it ) %] [% END %] - +
  1. - +
  2. @@ -113,18 +113,18 @@
  3. - +
  4. - +
  5. - +
    [% INCLUDE 'date-format.inc' %]
  6. - +
    [% INCLUDE 'date-format.inc' %]
@@ -218,10 +218,10 @@
No log found [% IF ( CATALOGUING ) %] - for Bibliographic record [% object %] + for Bibliographic record [% object | html %] [% END %] [% IF ( MEMBERS ) %] - for [% INCLUDE 'patron-title.inc' %] + for [% INCLUDE 'patron-title.inc' %] [% END %] .
-- 2.39.5