From 9e704e2b289dc8a9e90108b2d2a5c9266c347171 Mon Sep 17 00:00:00 2001
From: Chris
Date: Sun, 21 Jun 2015 09:20:51 +0000
Subject: [PATCH] Bug 14423 : Multiple XSS vulnerabilities in serials-search

To test 1/ Hit a url like http://localhost:8081/cgi-bin/koha/serials/serials-search.pl?bookseller_filter=%22%22%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&searched=1&title_filter= 2/ Notice alert boxes 3/ Apply patch 4/ Reload, notice fixed Repeat for callnumber_filter EAN_filter ISSN_filter publisher_filter title_filter
Signed-off-by: Jonathan Druart
Signed-off-by: Katrin Fischer
Signed-off-by: Chris Cormack
(cherry picked from commit bab7a33c2d6b4774dd96af1d10f72620802e9b4e)
Signed-off-by: Fridolin Somers
Conflicts:
	koha-tmpl/intranet-tmpl/prog/en/modules/serials/serials-search.tt
---
 .../prog/en/modules/serials/serials-search.tt | 26 +++++++++----------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/serials/serials-search.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/serials/serials-search.tt
index f570669041..8fb55de76c 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/serials/serials-search.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/serials/serials-search.tt
@@ -62,29 +62,29 @@
  1. - +
  2. - +
  3. [% IF ( marcflavour == "UNIMARC" ) %]
  4. - +
  5. [% END %]
  6. - +
  7. - +
  8. - +
  9.
@@ -278,7 +278,7 @@
 [% UNLESS subscription.cannotedit %] - Reopen + Reopen [% ELSE %] Cannot edit [% END %]
@@ -317,29 +317,29 @@
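Review bot: The `<input>` markup of the six changed filter fields has been stripped from this rendering, so the attribute that is actually escaped cannot be confirmed here; from the subject line and the thirteen one-for-one replacements it appears each reflected `*_filter` value is now passed through an output filter (presumably Template Toolkit's `html`) before being echoed into the field's value attribute. That filter only neutralises the payload in the test URL if the attribute it lands in is double-quoted, because `"` is what it escapes and an unquoted attribute is not protected by that alone, so each rewritten `value=` should be checked for quoting. The same point applies to the `@@ -317,29 +317,29 @@` hunk, which repeats the form. The test plan in the description exercises `bookseller_filter` and lists the other parameters, so a regression test that sends the same probe through all six parameters on both copies of the form would pin the fix.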
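Review bot: The Reopen link's `<a>` markup is also stripped here, so it is not visible which part of the link changed; if the escaped value is a query-string component inside the href, Template Toolkit's `uri` filter is the one intended for that position, whereas `html` only prevents the value from breaking out of the quoted attribute and leaves URL-reserved characters unencoded. Worth confirming that the filter chosen matches where the value sits in the link. The `[% UNLESS subscription.cannotedit %]` … `[% END %]` block around the link appears to lie entirely within the hunk, though the enclosing element cannot be seen.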
    1. - +
    2. - +
    3. [% IF ( marcflavour == "UNIMARC" ) %]
    4. - +
    5. [% END %]
    6. - +
    7. - +
    8. - +
    9. -- 2.39.5