git.koha-community.org Git - koha.git/commit

]> git.koha-community.org Git - koha.git/commit

author	Amit Gupta <amit.gupta@informaticsglobal.com>
	Tue, 15 Aug 2017 03:53:13 +0000 (09:23 +0530)
committer	Jonathan Druart <jonathan.druart@bugs.koha-community.org>
	Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)
commit	6b3449627fe53851b92428e57bb12d6c6492e2b9
tree	37e6daba0aaf145d6772965dc87f8d694cf35dd8	tree \| snapshot
parent	fd44f2fed7415feb8605c94b7c533dcd48d27b15	commit \| diff

Bug 19105 - XSS Stored in holidays.pl

To Test
1. Hit the page /cgi-bin/koha/tools/holidays.pl
2. Select the date
3. Add a text in the field Title and Description that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Fixed for all holidays

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

koha-tmpl/intranet-tmpl/prog/en/modules/tools/holidays.tt

diff | blob | history

Main Koha release repository

RSS Atom