From 3bf66eb1a1af1f917ffbf3865762cac64bfdbaef Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Wed, 3 Aug 2016 08:49:10 +0100 Subject: [PATCH] Bug 17036: Fix XSS in circulation.pl MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Test plan: Enter the following in the "Check out" tab: "> => Without this patch you will see the alert => With this patch, no more alert Signed-off-by: Chris Cormack Signed-off-by: Katrin Fischer Signed-off-by: Kyle M Hall (cherry picked from commit 96a9c2715ee2e4388e105e86e221bc280e1d757f) Signed-off-by: Frédéric Demians --- koha-tmpl/intranet-tmpl/prog/en/modules/circ/circulation.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/circ/circulation.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/circ/circulation.tt index 358dfe0cf6..100644c4cb 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/circ/circulation.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/circ/circulation.tt @@ -572,7 +572,7 @@ $(document).ready(function() { [% IF ( message ) %] [% INCLUDE 'patron-toolbar.inc' %]

-No patron matched [% message %] +No patron matched [% message | html %]

[% END %] -- 2.39.5
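Review bot: The fix at the "No patron matched" line of circulation.tt covers one output site only: the diffstat shows a single changed line, so any other place where this template prints `message` would still emit it unescaped. Before closing, search circulation.tt and the included patron-toolbar.inc (pulled in inside the same `[% IF ( message ) %]` block) for other uses of `message`, and say in the commit message whether they were checked. The `| html` filter fits the text that follows "No patron matched". The hunk header shows that this template also carries a `$(document).ready` script, and a value printed inside script or an attribute would need a filter suited to that context instead. The test plan is manual, so a template test that asserts the escaped output would keep this from regressing.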