]> git.koha-community.org Git - koha.git/commit
Bug 14360: Unescaped variable causes alert
authorAleisha <aleishaamohia@hotmail.com>
Mon, 8 Jun 2015 02:30:23 +0000 (02:30 +0000)
committerTomas Cohen Arazi <tomascohen@gmail.com>
Thu, 11 Jun 2015 13:04:40 +0000 (10:04 -0300)
commit9e920f7479df6d36db3e3450d6e6c2524fa9fe56
treededdf5138e7e572f57ab02a42890efebbc49fbf2
parentd75a751d49ad65b007572e02320735d2b02c9e1f
Bug 14360: Unescaped variable causes alert

Adding |html to [% resultsperpage %] to escape the variable and get rid of the alert.

To test:

1) Go to URL such as ...  /cgi-bin/koha/opac-authorities-home.pl?op=do_search&resultsperpage=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
2) Notice pop-up box with alert
3) Apply patch, refresh page
4) Notice alert is gone

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-authoritiessearchresultlist.tt