Bug 17038: Fix XSS in catalogue/search.pl
author Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Wed, 3 Aug 2016 12:57:43 +0000 (13:57 +0100)
committer Julian Maurice <julian.maurice@biblibre.com>
Tue, 23 Aug 2016 14:23:11 +0000 (16:23 +0200)
commit 26537653657e02e7bc201b55ac49c5186607cd03
tree c5ad0ccf5f74b7b42007756170e758a56a415832
parent 2ad850b0b56219d67d25065ece3b4cb2b61361ba
Bug 17038: Fix XSS in catalogue/search.pl

Test plan:
Search for something like:
  \";alert(1)//135

=> Without this patch you will see the alert
=> With this patch, no more alert

Note that this fixes the parameters idx, q and op

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b543fa74fe888b9e53cfc06ac58e2f7ac1689ae5)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 97f1d825cd4031e0c9077d9d8cf0f0c7f69d894c)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt
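
The diff itself is not shown on this page. As an added example (not Koha code and not the commit's actual change), the sketch below shows one way the test-plan string can fire and how encoding for the JavaScript string context stops it. It assumes the search term is echoed into a double-quoted string literal in an inline script; all function names and the rendered script shape are hypothetical.

```javascript
// Added illustration; not Koha code. Assumption: the results template
// echoes a search parameter into a double-quoted JS string literal.

// The search string from the commit's test plan.
const PAYLOAD = '\\";alert(1)//135';

// Weak: backslash-escapes double quotes only. A backslash already in the
// input pairs with the added one, leaving the quote free to end the literal.
function escapeQuotesOnly(value) {
  return value.replace(/"/g, '\\"');
}

// Hardened: every UTF-16 code unit outside a small safe set becomes \uXXXX,
// so no quote, backslash, newline or "</script>" reaches the page raw.
function encodeForJsString(value) {
  return value.replace(/[^A-Za-z0-9 ,._-]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Hypothetical shape of the inline script a results page might emit.
function renderInlineScript(term, encoder) {
  return 'var query = "' + encoder(term) + '"; return query;';
}

// Run the rendered script with a stub alert() and report what happened.
function evaluate(term, encoder) {
  const calls = [];
  const stubAlert = (arg) => { calls.push(arg); };
  let value;
  let syntaxError = false;
  try {
    value = new Function('alert', renderInlineScript(term, encoder))(stubAlert);
  } catch (e) {
    syntaxError = true; // a broken literal can also surface as a parse error
  }
  return { alertCalled: calls.length > 0, value, syntaxError };
}

console.log('quotes only:', evaluate(PAYLOAD, escapeQuotesOnly));
console.log('JS-encoded :', evaluate(PAYLOAD, encodeForJsString));
```
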