From be1bd8b56140b1ac45259c1ac3c6de25a45687b8 Mon Sep 17 00:00:00 2001
From: Amit Gupta <amit.gupta@informaticsglobal.com>
Date: Tue, 15 Aug 2017 23:22:32 +0530
Subject: [PATCH] Bug 19100 - XSS Flaws in memberentry.pl

1. Hit /cgi-bin/koha/members/memberentry.pl?op=add&guarantorid=xx<script>alert('amit')</script>
   xx - is a guarantorid
2. Notice the java script is executed.
3. Apply patch.
4. Reload page, and hit the page again /cgi-bin/koha/members/memberentry.pl?op=add&guarantorid=xx<script>alert('amit')</script>
   xx - is a guarantorid.
5. Notice it is no longer executed.

NOTE: I had to test in Microsoft Edge, because Chrome was blocking XSS for me.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit d42639166c9de0e83b16b04cd8c05146648b03fd)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
---
 .../intranet-tmpl/prog/en/modules/members/memberentrygen.tt     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt
index 7f6f734322..af7583202b 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt
@@ -413,7 +413,7 @@ $(document).ready(function() {
  [% ELSE %]
  <li id="contact-details" style="display: none">
  [% END %]
-     <span class="label">Patron #:</span> [% IF ( guarantorid ) %] <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% guarantorid %]" target="blank">[% guarantorid %]</a>[% END %]
+     <span class="label">Patron #:</span> [% IF ( guarantorid ) %] <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% guarantorid %]" target="blank">[% guarantorid |html %]</a>[% END %]
  </li>
         [% UNLESS nocontactname %]
  <li>
-- 
2.39.2