git.koha-community.org Git - koha.git/commit
Bug 19108 - Stored XSS in items_search_fields.pl
author Amit Gupta <amit.gupta@informaticsglobal.com>
Tue, 15 Aug 2017 08:19:10 +0000 (13:49 +0530)
committer Katrin Fischer <katrin.fischer.83@web.de>
Tue, 19 Sep 2017 21:10:29 +0000 (23:10 +0200)
commit c092ea7261e310f85298adbd2800e5016585ece8
tree 3c59d7c7c071b92bcf4878da030a95ff53118124
parent a71269b23b580d68e45e1bf61285f651c64f1edf
Bug 19108 - Stored XSS in items_search_fields.pl

To Test
1. Hit the page /cgi-bin/koha/admin/items_search_fields.pl
2. Add a text in the field Name and Label that contains js
3. Save the page.
4. Notice js is executed
5. Apply patch and reload, the js is escaped

Fixed for new and edit page

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 063fd5e1b9e086c57987fae408b4ce6e51fec2b9)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 332d705e725a0672eafdeedb88d3848fca4b2a8b)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
koha-tmpl/intranet-tmpl/prog/en/includes/admin-items-search-field-form.inc
koha-tmpl/intranet-tmpl/prog/en/modules/admin/items_search_field.tt
koha-tmpl/intranet-tmpl/prog/en/modules/admin/items_search_fields.tt