]> git.koha-community.org Git - koha.git/commit
Bug 19319: Reflected XSS Vulnerability in opac-MARCdetail.pl
authorKyle M Hall <kyle@bywatersolutions.com>
Thu, 14 Sep 2017 15:52:08 +0000 (11:52 -0400)
committerChris Cormack <chrisc@catalyst.net.nz>
Wed, 20 Dec 2017 23:52:06 +0000 (12:52 +1300)
commite7bc011a46d869dd12729201704a62d77043fc74
tree7ba1b5310b87a274afc77afa8fd30120120a27fe
parent27431856a405b573afcc16c98fb8619c6caa699c
Bug 19319: Reflected XSS Vulnerability in opac-MARCdetail.pl

Try going to this URL on your site: /cgi-bin/koha/opac-MARCdetail.pl?biblionumber=2"><TEST>

Test Plan:
1) Go to /cgi-bin/koha/opac-MARCdetail.pl?biblionumber=2"><TEST>
2) Note <TEST> is embedded all over the html
3) Apply this patch
4) Refresh the page, note the injection is gone!
5) run koha qa test tools

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-detail-sidebar.inc
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-ISBDdetail.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-MARCdetail.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-detail.tt
opac/opac-ISBDdetail.pl
opac/opac-MARCdetail.pl
opac/opac-detail.pl