]> git.koha-community.org Git - koha.git/commit
Bug 17026: Fix XSS in serials/checkexpiration.pl
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 2 Aug 2016 13:51:49 +0000 (14:51 +0100)
committerJulian Maurice <julian.maurice@biblibre.com>
Wed, 17 Aug 2016 12:15:37 +0000 (14:15 +0200)
commit9b42a3f9b29c1c09d24067832a14b9af173e0af5
treeec9f7695d31689f9ccb999f735ce19abb8feca34
parent5e301bc138e2278dd1307f947a9416f5c7979f59
Bug 17026: Fix XSS in serials/checkexpiration.pl

Test plan:
Hit:
 /serials/checkexpiration.pl?title="><script>alert("XSS")</script>&date=12/02/2002
 /serials/checkexpiration.pl?issn="><script>alert("XSS")</script>&date=12/02/2002

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 9d00353a92487dcde654d88206fd5458448fff1b)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit ec78a0d43fe8032d9eeb9272878129085c3c429f)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
koha-tmpl/intranet-tmpl/prog/en/modules/serials/checkexpiration.tt