git.koha-community.org Git - koha.git/commit

Bug 17029: Fix XSS in catalogue/*detail.pl

Hit
  /cgi-bin/koha/catalogue/detail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>
  /cgi-bin/koha/catalogue/ISBDdetail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>
  /cgi-bin/koha/catalogue/MARCdetail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>
  /cgi-bin/koha/catalogue/moredetail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>
  /cgi-bin/koha/catalogue/labeledMARCdetail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit f3a8e5a4117a0e95969ff2856dfcd95a6935ec55)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 990aca1cb7548bcead783f40661acb156952d09a)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

author	Jonathan Druart <jonathan.druart@bugs.koha-community.org>
	Tue, 2 Aug 2016 14:46:06 +0000 (15:46 +0100)
committer	Julian Maurice <julian.maurice@biblibre.com>
	Tue, 23 Aug 2016 14:19:52 +0000 (16:19 +0200)
commit	b99c3c2001993fe112e00e514bdaaaa0c94ce06e
tree	fddb4e78bc61d78e36d58eeb43f12803b1fdbcaf	tree \| snapshot
parent	f9187241453d88573e1e25881b993566593ab366	commit \| diff

catalogue/ISBDdetail.pl		diff \| blob \| history
catalogue/MARCdetail.pl		diff \| blob \| history
catalogue/detail.pl		diff \| blob \| history
catalogue/labeledMARCdetail.pl		diff \| blob \| history
catalogue/moredetail.pl		diff \| blob \| history