]> git.koha-community.org Git - koha.git/commit
Bug 22478: Prevent XSS vulnerabilities when pagination appears
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Thu, 14 Mar 2019 22:42:50 +0000 (19:42 -0300)
committerLucas Gass <lucas@bywatersolutions.com>
Mon, 29 Apr 2019 01:29:06 +0000 (01:29 +0000)
commitf7b12a1cf3da62d8ed884692b4161dca1d456bfe
treef09c379cc90e93132a10e4313197898586f8d146
parent63691c6f248e769ecf3165f5363f4bb1a96e4c3a
Bug 22478: Prevent XSS vulnerabilities when pagination appears

This is a bad one as we thought we were XSS safe since bug 13618.

The html code generated in C4::Output::pagination_bar must escape the
variables and values correctly.

This patch needs to be widely tested, everywhere the pagination appears,
to make sure we will not introduce regressions.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit d4d1107afa873614ace241557e424de0dcbad20a)

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
C4/Output.pm