git.koha-community.org Git - koha.git/commit
Bug 14423 : Multiple XSS vulnerabilities in serials-search
author Chris <chris@bigballofwax.co.nz>
Sun, 21 Jun 2015 09:20:51 +0000 (09:20 +0000)
committer Fridolin Somers <fridolin.somers@biblibre.com>
Tue, 23 Jun 2015 12:40:24 +0000 (14:40 +0200)
commit 9e704e2b289dc8a9e90108b2d2a5c9266c347171
tree c03db67936133d3a2f01da1442aa70ceca99f752
parent 94c70537c62e25ac0ed8a5cb71c10c3315653e2d
Bug 14423 : Multiple XSS vulnerabilities in serials-search

To test

1/ Hit a url like http://localhost:8081/cgi-bin/koha/serials/serials-search.pl?bookseller_filter=%22%22%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&searched=1&title_filter=
2/ Notice alert boxes
3/ Apply patch
4/ Reload, notice fixed

Repeat for
callnumber_filter
EAN_filter
ISSN_filter
publisher_filter
title_filter

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
(cherry picked from commit bab7a33c2d6b4774dd96af1d10f72620802e9b4e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Conflicts:
koha-tmpl/intranet-tmpl/prog/en/modules/serials/serials-search.tt
koha-tmpl/intranet-tmpl/prog/en/modules/serials/serials-search.tt
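
The manual test plan in the commit message can be run as a repeatable regression check over all six filter parameters. The Python below is an added example, not part of the commit or of Koha's code: `render_unescaped` and `render_escaped` are constructed stand-ins for a page that echoes the filter values into HTML, and every function name is hypothetical.

```python
import html
from urllib.parse import urlencode, unquote

# Filter parameters listed in the commit message's test plan.
FILTER_PARAMS = ["bookseller_filter", "callnumber_filter", "EAN_filter",
                 "ISSN_filter", "publisher_filter", "title_filter"]

# Probe value from the test-plan URL, URL-decoded.
PROBE = unquote("%22%22%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E")

def probe_params(param):
    """Query parameters with the probe in exactly one filter field."""
    params = {name: "" for name in FILTER_PARAMS}
    params[param] = PROBE
    params["searched"] = "1"
    return params

def build_probe_url(base, param):
    """URL for step 1 of the test plan, for use against a local test instance."""
    return base + "?" + urlencode(probe_params(param))

def unescaped_params(render):
    """Return the filter parameters whose value comes back verbatim.

    render(params) -> HTML string. In a real check this would fetch
    build_probe_url(...) from a test instance and return the response body.
    """
    return [p for p in FILTER_PARAMS if PROBE in render(probe_params(p))]

# Constructed stand-in: echoes values into attributes without encoding.
def render_unescaped(params):
    return "".join('<input name="%s" value="%s" />' % (k, v)
                   for k, v in params.items())

# Constructed stand-in: HTML-encodes values before output.
def render_escaped(params):
    return "".join('<input name="%s" value="%s" />' % (k, html.escape(v, quote=True))
                   for k, v in params.items())

if __name__ == "__main__":
    base = "http://localhost:8081/cgi-bin/koha/serials/serials-search.pl"
    print(build_probe_url(base, "bookseller_filter"))
    print("unescaped output reflects:", unescaped_params(render_unescaped))
    print("escaped output reflects:  ", unescaped_params(render_escaped))
```

An empty list from `unescaped_params` corresponds to step 4 of the test plan ("notice fixed") for every parameter at once.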