From 26537653657e02e7bc201b55ac49c5186607cd03 Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Wed, 3 Aug 2016 13:57:43 +0100
Subject: [PATCH] Bug 17038: Fix XSS in catalogue/search.pl
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Test plan:
Search for something like: \";alert(1)//135
=> Without this patch you will see the alert
=> With this patch, no more alert

Note that this fix the parameters idx, q and op

Signed-off-by: Chris Cormack
Signed-off-by: Katrin Fischer
Signed-off-by: Kyle M Hall
(cherry picked from commit b543fa74fe888b9e53cfc06ac58e2f7ac1689ae5)
Signed-off-by: Frédéric Demians
(cherry picked from commit 97f1d825cd4031e0c9077d9d8cf0f0c7f69d894c)
Signed-off-by: Julian Maurice
---
 koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt
index 23e12d4e5d..c68307bb9c 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt
@@ -152,7 +152,7 @@ $('#sort_by').change(function() {
 $(".selection").show();
 [% IF ( query_desc ) %]
 toHighlight = $("p,span.results_summary,a.title");
-var query_desc = "[% query_desc |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') %]";
+var query_desc = "[% query_desc |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]";
 q_array = query_desc.split(" ");
 // ensure that we don't have "" at the end of the array, which can
 // break the highlighter
-- 
2.39.5
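Review bot: Applying `| html` as the last filter on the added line leaves `query_desc` holding HTML entities inside a JavaScript string literal, so a search containing `&`, `<`, `>` or `"` now fills `q_array` with tokens such as `&quot;` instead of the typed characters, and the preceding `replace('"', '\"')` yields `\&quot;`, which is why the highlighter will no longer match those terms. The injection is closed, but stacking four `replace` filters under `html` is fragile to maintain, and the test plan in the description only checks that the alert is gone, not that highlighting of a quoted or `&`-containing search still works. Serialising the value as a JSON string literal for the script context would both escape correctly and preserve the original characters, e.g. `var query_desc = [% To.json(query_desc) %];`, if the JSON template helper is loaded in this file. The enclosing `$('#sort_by').change` handler begins before the hunk.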