From 9fc3f224d2517844c9f7d36e394959d1d064a767 Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Thu, 20 May 2021 08:34:48 +0200
Subject: [PATCH] Bug 20982: Sanitize category to prevent XSS on opac-shelves.pl

== Test plan ==
1. Go to http://localhost:8080/cgi-bin/koha/opac-shelves.pl?category=function(){window.location.href%20=%20%27https://git.koha-community.org/stats/koha-master/authors.html%27}()
2. Note that you are redirected to another website
3. Apply the patch & restart services
4. Repeat the above and you are not redirected

Signed-off-by: Victor Grousset/tuxayo
Signed-off-by: David Cook
---
 koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt | 2 +-
 opac/opac-shelves.pl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt
index 4ee6813fc7..d683b509de 100644
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt
@@ -1087,7 +1087,7 @@ function AdjustRemark() {
 if( $("#category").length > 0 ) {
 category = $("#category").val();
 } else {
- category = [% category | html %];
+ category = "[% category | html %]";
 }
 
 var perms = $("#allow_changes_from").val();
diff --git a/opac/opac-shelves.pl b/opac/opac-shelves.pl
index b94b4126ea..483876188e 100755
--- a/opac/opac-shelves.pl
+++ b/opac/opac-shelves.pl
@@ -434,7 +434,7 @@ $template->param(
 referer => $referer,
 shelf => $shelf,
 messages => \@messages,
- category => $category,
+ category => ($category == 1 || $category == 2) ? $category : "",
 print => scalar $query->param('print') || 0,
 listsview => 1,
 );
-- 
2.39.5
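Review bot: The numeric `==` test on the `opac-shelves.pl` hunk accepts any string that numifies to 1 or 2 (`1abc`, ` 2`, `1e0`) and then hands the original, un-canonicalized string to the template rather than the literal 1 or 2 it compared equal to, and a non-numeric value such as the one in the test plan raises an "Argument isn't numeric" warning on every request under `use warnings`. An anchored match keeps only the two literal values and avoids the warning: `category => ( ($category // '') =~ /\A[12]\z/ ) ? $category : "",`. The `$template->param(` call begins before the hunk and `$category` is assigned outside it, so its default when the parameter is absent cannot be checked here. The template hunk's quoting is a secondary guard (`html` is an HTML-context escape applied inside a JS string); the server-side allowlist is what actually stops the injection, so any later consumer of `category` in the template should rely on it rather than on the quotes.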