]> git.koha-community.org Git - koha.git/commit
Bug 19614: Fix XSS in members/pay.pl
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Mon, 13 Nov 2017 03:57:44 +0000 (09:27 +0530)
committerChris Cormack <chrisc@catalyst.net.nz>
Wed, 20 Dec 2017 23:58:08 +0000 (12:58 +1300)
commit0cffe914774e7491a3234f3b5f844cef744c645f
treec3bb9315bf770a6e383f902c1c6d75a3b26fc68a
parent7e0c35efa87d62fab2470ff897553a0a5b3121f5
Bug 19614: Fix XSS in members/pay.pl

To Test
1. Hit the page /cgi-bin/koha/members/memberentry.pl
2. Add a text in the field firstname, surname that contains js
3. Save the page.
4. click on fine tab
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/modules/members/pay.tt