]> git.koha-community.org Git - koha.git/commit
projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ec86950) | patch
Bug 19086: (follow-up) Fix Stored XSS in supplier.pl
authorKatrin Fischer <katrin.fischer.83@web.de>
Wed, 16 Aug 2017 10:59:13 +0000 (12:59 +0200)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Fri, 29 Sep 2017 15:20:45 +0000 (12:20 -0300)
commit13e65432ce6f78c277835d5a5fe22fe99ed0b20c
treee9bc6672b4e3dadbff51674bb048e861268d6a66tree | snapshot
parentec86950780e908f5b2a5d53e21cffede6d570b08commit | diff
Bug 19086: (follow-up) Fix Stored XSS in supplier.pl

In preparation:
Make sure you enter <script>alert("sth")</script>
in all fields of a new vendor that are not validated
and save.

1) Access vendor summary page.
2) Verify scripts are executed
3) Apply patch
4) Verify scripts are on longer executed

This works in combination with the other patches for XSS
on this bug.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/supplier.tt diff | blob | history
Main Koha release repository