git.koha-community.org Git - koha.git/commit
Bug 19108 - Stored XSS in items_search_fields.pl
author Amit Gupta <amit.gupta@informaticsglobal.com>
Tue, 15 Aug 2017 08:19:10 +0000 (13:49 +0530)
committer Mason James <mtj@kohaaloha.com>
Wed, 20 Sep 2017 03:03:19 +0000 (15:03 +1200)
commit 5ffa9b924cf4bed72f105dc711ca7dd03ee373c5
tree ceed7f8e34bd699a916a3b1de23c88db08c9be44
parent 75ca6a17ad080246197ec6664ad19a96785cfbcd
Bug 19108 - Stored XSS in items_search_fields.pl

To Test
1. Hit the page /cgi-bin/koha/admin/items_search_fields.pl
2. Add a text in the field Name and Label that contains js
3. Save the page.
4. Notice js is executed
5. Apply patch and reload, the js is escaped

Fixed for new and edit page

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/intranet-tmpl/prog/en/includes/admin-items-search-field-form.inc
koha-tmpl/intranet-tmpl/prog/en/modules/admin/items_search_field.tt
koha-tmpl/intranet-tmpl/prog/en/modules/admin/items_search_fields.tt