Bug 19086 Stored XSS in circulation.pl
1/ To test add a message to a borrower that contains js
2/ hit /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number]
where number is the borrowernumber of the borrower you set the message
for
3/ Notice js is execute
4/ Apply patch, reload, js is escaped
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit
80c93d3499b11f3574fbafe756f94c534b746d5a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit
0a53a9e7f35855405024d03bde01d49f560f99ee)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>