]> git.koha-community.org Git - koha.git/commit
Bug 19110 - XSS Stored in branches.pl
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Tue, 15 Aug 2017 09:30:55 +0000 (15:00 +0530)
committerKatrin Fischer <katrin.fischer.83@web.de>
Sun, 20 Aug 2017 13:37:10 +0000 (15:37 +0200)
commitefc22a085b683455e1291aa9e49fa4f4b637d36f
tree762bd58ad91ba0a66bfb649030c4bc25784c7cee
parentfabd0f82c11521fcde8f699bf0fa7ead362ea5a7
Bug 19110 - XSS Stored in branches.pl

To Test
1. Hit the page /cgi-bin/koha/admin/branches.pl?op=add_form_category
2. Add a text in the field Name and description that contains js.
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Fixed for js escaped execute for both pages

1. /cgi-bin/koha/admin/branches.pl?op=delete_confirm&branchcode=xx
   xx is branchcode
2. /cgi-bin/koha/admin/branches.pl?op=add_form with Group(s):

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
koha-tmpl/intranet-tmpl/prog/en/modules/admin/branches.tt