From 603a111d3a711148fbcecd293b0a8b89fa0b0fc6 Mon Sep 17 00:00:00 2001 From: Chris Date: Sun, 21 Jun 2015 09:35:07 +0000 Subject: [PATCH] Bug 14423: Multiple XSS bugs in suggestion.pl To test 1/ Hit a url like http://localhost:8081/cgi-bin/koha/suggestion/suggestion.pl?author=%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&accepteddate_to= 2/ Notice alert box(es) 3/ Apply patch 4/ Reload and notice alert is gone Repeat for collection_title copyrightdate isbn manageddate_from manageddate_to publishercode suggesteddate_from suggesteddate_to Signed-off-by: Jonathan Druart Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi
--- .../prog/en/modules/suggestion/suggestion.tt | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/suggestion/suggestion.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/suggestion/suggestion.tt
index 4bd3908dd5..b3fedc44b5 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/suggestion/suggestion.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/suggestion/suggestion.tt
@@ -329,12 +329,12 @@ h4.local_collapse a { font-size : 80%; text-decoration: none; } fieldset.brief o Required -
  • -
  • -
  • -
  • -
  • -
  • +
  • +
  • +
  • +
  • +
  • +
  • -
  • -
  • -
  • -
  • -
  • +
  • +
  • +
  • +
  • +
  • Suggestion information
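Review bot: The content of the eleven rewritten template lines is not recoverable from this rendering (only the `+`/`-` markers survive), so the escaping the new side applies cannot be verified here and this review is limited to what the commit record shows. The test URL in the description opens its payload with `%22%3E` (`">`), which indicates the reflected parameter values are emitted inside an attribute value; the filter used on the replacement lines therefore has to encode `"` as well as `<`/`>` (the Template Toolkit `html` filter does), otherwise the attribute break-out remains even though the visible alert disappears. The description names ten parameters while the diffstat shows eleven changed lines, which is consistent with one field being output twice but is worth confirming against the patched template so no occurrence is left unfiltered. A check that every `[% ... %]` output of a request parameter in this file carries the HTML filter would cover fields the manual test plan does not name.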

      -- 2.39.5