]> git.koha-community.org Git - koha.git/commit
Bug 19105 - XSS Stored in holidays.pl
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Tue, 15 Aug 2017 03:53:13 +0000 (09:23 +0530)
committerFridolin Somers <fridolin.somers@biblibre.com>
Wed, 23 Aug 2017 15:00:03 +0000 (17:00 +0200)
commit84c5bebcd3a93d21bd7b800b63ba3506adcaf0bf
tree38c8595eef6658ad8e25dd1f73856ef67caeb840
parent5e5cd8025301bb6efc2031f9e6f8a48a768a0dc8
Bug 19105 - XSS Stored in holidays.pl

To Test
1. Hit the page /cgi-bin/koha/tools/holidays.pl
2. Select the date
3. Add a text in the field Title and Description that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Fixed for all holidays

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 1ceb4367c6879be812b600487385c53bb005260d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
koha-tmpl/intranet-tmpl/prog/en/modules/tools/holidays.tt