From f2fad9d2b884c8b52def21f00b9c78542ed58a49 Mon Sep 17 00:00:00 2001 From: Amit Gupta Date: Tue, 15 Aug 2017 15:00:55 +0530 Subject: [PATCH] Bug 19110 - XSS Stored in branches.pl To Test 1. Hit the page /cgi-bin/koha/admin/branches.pl?op=add_form_category 2. Add a text in the field Name and description that contains js. 3. Save the page. 4. Notice js is execute 5. Apply patch and reload, the js is escaped Fixed for js escaped execute for both pages 1. /cgi-bin/koha/admin/branches.pl?op=delete_confirm&branchcode=xx xx is branchcode 2. /cgi-bin/koha/admin/branches.pl?op=add_form with Group(s): Signed-off-by: Katrin Fischer Signed-off-by: Marcel de Rooy Signed-off-by: Jonathan Druart (cherry picked from commit 0a44868b21c4ec9f3e6a7c4e4f7db8ee22e014b6) Signed-off-by: Fridolin Somers
---
 .../prog/en/modules/admin/branches.tt | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/branches.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/branches.tt
index 7a5f22a691..fb2d723703 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/branches.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/branches.tt
@@ -162,13 +162,13 @@ tinyMCE.init({
    [% FOREACH category IN categories %]
  1. - + [% IF category and selected_categorycodes.grep(category.categorycode).size %] [% ELSE %] [% END %] - [% category.codedescription %] + [% category.codedescription |html %]
  2. [% END %]
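Review bot: `selected_categorycodes.grep(category.categorycode)` on the changed line treats the category code as a regular-expression pattern matched anywhere in each selected code, so a code that is a substring of another code (or that contains regex metacharacters) can mark the wrong option as selected, and the escaping fix leaves this as it was. If `selected_categorycodes` is a plain list of codes, an exact comparison is safer, e.g. a small loop such as `[% is_sel = 0 %][% FOREACH c IN selected_categorycodes %][% IF c == category.categorycode %][% is_sel = 1 %][% END %][% END %]` and then testing `is_sel`. The surrounding tags were stripped from this copy of the patch, so which attribute the `-`/`+` pair at the start of the line changes cannot be seen here; only the added `|html` on `category.codedescription` is visible.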
@@ -204,7 +204,7 @@ tinyMCE.init({
 [% IF op == 'delete_confirm' and not ( items_count or patrons_count )%]
-

Are you sure you want to delete [% library.branchname %] ([% library.branchcode %])?

+

Are you sure you want to delete [% library.branchname |html %] ([% library.branchcode %])?

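Review bot: `[% library.branchcode %]` on the added line is still rendered without the `|html` filter while `library.branchname` right beside it now gets one; unless branchcode is validated against a strict character set before it is stored, it is the same class of stored, user-supplied value and should be escaped as well, `([% library.branchcode |html %])`. The same gap appears with `[% library.branchip %]` in what looks like the trailing context of the -264 hunk and with `[% category.categorycode %]` in the -296 and -382 hunks. Escaping every interpolated value by default, instead of only the fields shown to be exploitable in the bug report, is the more durable rule for this template and makes review of later edits easier. Note that `|html` is the right filter for element content; a value placed inside an attribute or a script block needs the filter appropriate to that context.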
@@ -264,7 +264,7 @@ tinyMCE.init({
 [% FOREACH category IN library.get_categories %]
- [% category.categoryname %]
+ [% category.categoryname |html %]
[% END %] [% library.branchip %]
@@ -296,9 +296,9 @@ tinyMCE.init({
 [% FOREACH category IN group_type.categories %]
- [% category.categoryname %]
+ [% category.categoryname |html %] [% category.categorycode %]
- [% category.codedescription %]
+ [% category.codedescription |html %] Edit Delete
@@ -382,7 +382,7 @@ tinyMCE.init({
 [% IF op == 'delete_confirm_category' %]
-

Are you sure you want to delete the group '[% category.codedescription %]' ([% category.categorycode %])?

+

Are you sure you want to delete the group '[% category.codedescription |html %]' ([% category.categorycode %])?

-- 2.39.5