]> git.koha-community.org Git - koha.git/commit
Bug 19108: Fix Stored XSS in items_search_fields.pl
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Tue, 15 Aug 2017 08:19:10 +0000 (13:49 +0530)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Fri, 29 Sep 2017 15:20:50 +0000 (12:20 -0300)
commitbfbba2339f3c39fcf19ec1b12585f15f9ea68993
tree5eb3da83dac4eb4faef0736f2308673291f01b5f
parentd1aa11c51c0b7312ea08327b57b4adb04f3c7c48
Bug 19108: Fix Stored XSS in items_search_fields.pl

To Test
1. Hit the page /cgi-bin/koha/admin/items_search_fields.pl
2. Add a text in the field Name and Label that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Fixed for new and edit page

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/includes/admin-items-search-field-form.inc
koha-tmpl/intranet-tmpl/prog/en/modules/admin/items_search_field.tt
koha-tmpl/intranet-tmpl/prog/en/modules/admin/items_search_fields.tt