]> git.koha-community.org Git - koha.git/commit
Bug 19612: Fix XSS in members/memberentry.pl
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Mon, 13 Nov 2017 03:35:14 +0000 (09:05 +0530)
committerFridolin Somers <fridolin.somers@biblibre.com>
Sat, 23 Dec 2017 09:58:13 +0000 (10:58 +0100)
commit069c3a1772f62df04a0e75c48def81dac44e3bf0
tree94ba9e29a06ecf7b3f45cc5c3844c1bb7566a45c
parent22f485761915c43a04a3547806a936b567c39b85
Bug 19612: Fix XSS in members/memberentry.pl

To Test
1. Hit the page /cgi-bin/koha/members/memberentry.pl
2. Add a text in the field address, address2, city, state, country,
   zipcode, B_streetnumber, B_city, B_country, B_zipcode that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit 4333617b1d33b2c7c0488de593c76ac79f4ebf70)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
koha-tmpl/intranet-tmpl/prog/en/includes/member-display-address-style-us.inc
koha-tmpl/intranet-tmpl/prog/en/includes/member-display-alt-address-style-us.inc
koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tt