Bug 19108 - Stored XSS in items_search_fields.pl
author Amit Gupta <amit.gupta@informaticsglobal.com>
Tue, 15 Aug 2017 08:19:10 +0000 (13:49 +0530)
committer Fridolin Somers <fridolin.somers@biblibre.com>
Tue, 19 Sep 2017 13:57:37 +0000 (15:57 +0200)
commit 332d705e725a0672eafdeedb88d3848fca4b2a8b
tree 2b86246d3e4ac97323ebcdc7258b7e26139a8324
parent 20b4c81c1a1e1c93ecdc5ebeeddb870a802a7d4a
Bug 19108 - Stored XSS in items_search_fields.pl

To Test
1. Hit the page /cgi-bin/koha/admin/items_search_fields.pl
2. Add a text in the field Name and Label that contains js
3. Save the page.
4. Notice js is executed
5. Apply patch and reload, the js is escaped

Fixed for new and edit page

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 063fd5e1b9e086c57987fae408b4ce6e51fec2b9)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
koha-tmpl/intranet-tmpl/prog/en/includes/admin-items-search-field-form.inc
koha-tmpl/intranet-tmpl/prog/en/modules/admin/items_search_field.tt
koha-tmpl/intranet-tmpl/prog/en/modules/admin/items_search_fields.tt