]> git.koha-community.org Git - koha.git/commit
Bug 19614: Fix XSS in members/pay.pl
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Mon, 13 Nov 2017 03:57:44 +0000 (09:27 +0530)
committerFridolin Somers <fridolin.somers@biblibre.com>
Sat, 23 Dec 2017 09:58:13 +0000 (10:58 +0100)
commite29e6e656f483018164a6a426f5b6ba2fc3b5995
treeb708adfa47110fd39d8f204234f547dd09eb0655
parent069c3a1772f62df04a0e75c48def81dac44e3bf0
Bug 19614: Fix XSS in members/pay.pl

To Test
1. Hit the page /cgi-bin/koha/members/memberentry.pl
2. Add a text in the field firstname, surname that contains js
3. Save the page.
4. click on fine tab
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit e576b89c461c87efc122816fca9f6c3ba08a1833)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
koha-tmpl/intranet-tmpl/prog/en/modules/members/pay.tt