From 8288adc3583c50dfc6df8131d7d62a4009842bd0 Mon Sep 17 00:00:00 2001 From: Amit Gupta Date: Fri, 4 Aug 2017 09:44:52 +0530 Subject: [PATCH] Bug 19033: XSS Flaws in Currencies and exchange page 1. Hit /cgi-bin/koha/admin/currency.pl 2. Enter search currencies box. 3. Notice the iframe is executed 4. Apply patch 5. Reload page, and enter iframe again on search currencies box. 6. Notice it is no longer executed Signed-off-by: Tomas Cohen Arazi Fixes the issue, follows common practice on the codebase. --- koha-tmpl/intranet-tmpl/prog/en/modules/admin/currency.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/currency.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/currency.tt index 1bbacf2d6e..f580efd4ed 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/currency.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/currency.tt @@ -197,7 +197,7 @@ [% END %] [% IF searchfield %] - You searched for [% searchfield %] + You searched for [% searchfield |html %] [% END %] -- 2.39.5
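Review bot: The hunk at line 197 of currency.tt filters only the "You searched for" line inside `[% IF searchfield %]`, so please confirm that `searchfield` is not echoed unfiltered anywhere else in this template (this diff does not show the rest of the file, for example any form field that redisplays the search term) and add the same filter there in this patch if it is. `|html` is the appropriate filter here because the value is placed in HTML text content; a value placed in a URL or inside script would need a different filter. The test plan would be easier to reproduce if step 2 stated the exact string entered in the search box, and a note on whether other admin templates print their search term the same way would help decide if follow-up bugs are needed.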