git.koha-community.org Git - koha.git/commit

]> git.koha-community.org Git - koha.git/commit

author	Amit Gupta <amit.gupta@informaticsglobal.com>
	Tue, 15 Aug 2017 03:53:13 +0000 (09:23 +0530)
committer	Katrin Fischer <katrin.fischer.83@web.de>
	Sun, 20 Aug 2017 13:38:06 +0000 (15:38 +0200)
commit	a6994fa928c3a47dc4f56493af789a2cb54b3256
tree	234b63c15c3224094b74200a0bf550e16f484c92	tree \| snapshot
parent	cc0033d9b6e932f3e52075776503e4956406188c	commit \| diff

Bug 19105 - XSS Stored in holidays.pl

To Test
1. Hit the page /cgi-bin/koha/tools/holidays.pl
2. Select the date
3. Add a text in the field Title and Description that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Fixed for all holidays

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

koha-tmpl/intranet-tmpl/prog/en/modules/tools/holidays.tt

diff | blob | history

Main Koha release repository

RSS Atom