]> git.koha-community.org Git - koha.git/commit
projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c4a1eaf) | patch
Bug 19086 - Follow-up - XSS in supplier.tt
authorKatrin Fischer <katrin.fischer.83@web.de>
Wed, 16 Aug 2017 10:59:13 +0000 (12:59 +0200)
committerFridolin Somers <fridolin.somers@biblibre.com>
Tue, 19 Sep 2017 12:59:37 +0000 (14:59 +0200)
commit13147e7c05daa73a4f562541c3a7f8c98747bc83
tree90fc140c0d449b4c70ca49a9de3cbdb8a65248d4tree | snapshot
parentc4a1eafb5bac265c936567807e94ab22d04a1094commit | diff
Bug 19086 - Follow-up - XSS in supplier.tt

In preparation:
Make sure you enter <script>alert("sth")</script>
in all fields of a new vendor that are not validated
and save.

1) Access vendor summary page.
2) Verify scripts are executed
3) Apply patch
4) Verify scripts are on longer executed

This works in combination with the other patches for XSS
on this bug.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 14a1aba57cc091a70c527a0d6bd495d21bd87345)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/supplier.tt diff | blob | history
Main Koha release repository