From 7cc24ec5e533ed750be02899d9fdc16b1396880e Mon Sep 17 00:00:00 2001 From: Aleisha Date: Mon, 8 Jun 2015 02:30:23 +0000 Subject: [PATCH] Bug 14360: Unescaped variable causes alert Adding |html to [% resultsperpage %] to escape the variable and get rid of the alert. To test: 1) Go to URL such as ... /cgi-bin/koha/opac-authorities-home.pl?op=do_search&resultsperpage=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E 2) Notice pop-up box with alert 3) Apply patch, refresh page 4) Notice alert is gone Signed-off-by: Katrin Fischer Signed-off-by: Kyle M Hall Signed-off-by: Mason James --- .../en/modules/opac-authoritiessearchresultlist.tt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-authoritiessearchresultlist.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-authoritiessearchresultlist.tt index c4fa63437b..43b4af4a45 100644 --- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-authoritiessearchresultlist.tt +++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-authoritiessearchresultlist.tt @@ -6,7 +6,7 @@ -- 2.39.5
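Review bot: whether `|html` is sufficient depends on where each of the three changed `[% resultsperpage %]` occurrences sits in opac-authoritiessearchresultlist.tt (hunk `@@ -6,7 +6,7 @@`), and the changed lines are not visible here to confirm it. Template Toolkit's `html` filter escapes `&`, `<`, `>` and `"` but not the single quote, so it covers the `1">` breakout in the test plan only where the value is in element text or a double-quoted attribute. If any occurrence is interpolated into a link's query string, it needs the `uri` filter. Since `resultsperpage` is a page-size parameter, consider also rejecting non-integer values in opac-authorities-home.pl so the template is not the only control. The test plan covers a single payload, so a second test step that checks the rendered source for the escaped value would make sign-off easier to verify.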