Bug 11341: fix XSS bug in opac-search.pl (facets)

This patch fixes the prog theme; the bootstrap theme already
does the necessary filtering.

To test
1/ Craft a URL like
cgi-bin/koha/opac-search.pl?idx=kw&q=fish&offset=20" onmouseover%3dprompt(994000) bad%3d"
(the search must return enough results to have a show more link in the facets)
2/ Check the source, or mouseover the Show more links in the facets
Notice the code is executable
3/ Apply patch - notice it is no longer executable
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
(cherry picked from commit d2d365ca830345b9a519158f6d735d2abd125380)
Signed-off-by: Fridolin SOMERS <fridolin.somers@biblibre.com>
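
The following is an added example, not part of the commit or of Koha's code: it renders a stand-in for the facet "Show more" link with and without output escaping, using the offset value from the test plan, and lists the attributes a browser would parse on the resulting tag. The helper names, the link layout and the `expand=subject` parameter are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: the test plan's query string after URL decoding.
my %param = (
    idx    => 'kw',
    q      => 'fish',
    offset => '20" onmouseover=prompt(994000) bad="',
);

# Escape the characters that are significant in HTML text and quoted attributes.
sub html_escape {
    my ($s) = @_;
    my %ent = ( '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                '"' => '&quot;', "'" => '&#39;' );
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Hypothetical stand-in for the facet "Show more" link: request parameters
# are reflected into a double-quoted href attribute.
sub show_more_link {
    my ( $p, $filter ) = @_;
    my @pairs;
    push @pairs, "$_=" . $filter->( $p->{$_} ) for qw(idx q offset);
    my $href = '/cgi-bin/koha/opac-search.pl?'
        . join( '&amp;', @pairs ) . '&amp;expand=subject';
    return qq{<a href="$href">Show more</a>};
}

# Names of the attributes present on the <a> tag (quoted or unquoted values).
# A correctly escaped link carries exactly one: href.
sub attribute_names {
    my ($html) = @_;
    my ($tag) = $html =~ /<a\s+(.*?)>Show more/s;
    return $tag =~ /([\w-]+)\s*=\s*(?:"[^"]*"|[^\s"]+)/g;
}

for my $case ( [ 'unfiltered', sub { $_[0] } ], [ 'filtered', \&html_escape ] ) {
    my ( $label, $filter ) = @$case;
    my $html  = show_more_link( \%param, $filter );
    my @attrs = attribute_names($html);
    printf "%-10s attributes: %s\n  %s\n", $label, join( ', ', @attrs ), $html;
}
```

The attribute count doubles as a regression check: any name other than `href` on the rendered link means a reflected parameter escaped its quoted attribute.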