From da6ee1c469c63f6d28dd1302032a19596eb7cd57 Mon Sep 17 00:00:00 2001
From: Chris
Date: Mon, 5 Jan 2015 06:37:51 +0000
Subject: [PATCH] Bug 13510 : Fixing the third XSS issue
To test 1/ Make sure you have some items in your database, that have values in items.issue If nessecary do something like UPDATE items SET issues = 10 WHERE itemnumber=somenumber 2/ Hit a url like http://localhost:8080/cgi-bin/koha/opac-topissues.pl?do_it=1&timeLimit=3%3Cscript%3Eprompt%28924513%29%3C/script%3E 3/ Notice you will get a prompt 4/ Apply patch 5/ Test again
Signed-off-by: Katrin Fischer
Signed-off-by: Martin Renvoize
Signed-off-by: Tomas Cohen Arazi
---
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-topissues.tt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-topissues.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-topissues.tt
index fd21332865..72f8abd9be 100644
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-topissues.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-topissues.tt
@@ -49,7 +49,7 @@ [% branch %] [% END %] [% IF ( timeLimitFinite ) %]
- in the past [% timeLimitFinite %] months
+ in the past [% timeLimitFinite |html %] months
[% ELSE %] of all time[% END %]
--
2.39.5
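Review bot: `[% branch %]`, in the context just above the changed line, is still emitted without an output filter, while this patch escapes only `timeLimitFinite`. Whether `branch` can carry request-controlled text is not visible from this hunk, but filtering it the same way, `[% branch |html %]`, would leave the whole heading consistently escaped. The test plan shows the value arriving through the `timeLimit` URL parameter and being rendered as a month count, so the script that fills `timeLimitFinite` could additionally reject non-numeric input before it reaches the template; that code is outside this patch. The enclosing template block starts and ends outside the hunk.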