From cc0033d9b6e932f3e52075776503e4956406188c Mon Sep 17 00:00:00 2001
From: Amit Gupta <amit.gupta@informaticsglobal.com>
Date: Tue, 15 Aug 2017 23:22:32 +0530
Subject: [PATCH] Bug 19100 - XSS Flaws in memberentry.pl

1. Hit /cgi-bin/koha/members/memberentry.pl?op=add&guarantorid=xx<script>alert('amit')</script>
   xx - is a guarantorid
2. Notice the java script is executed.
3. Apply patch.
4. Reload page, and hit the page again /cgi-bin/koha/members/memberentry.pl?op=add&guarantorid=xx<script>alert('amit')</script>
   xx - is a guarantorid.
5. Notice it is no longer executed.

NOTE: I had to test in Microsoft Edge, because Chrome was blocking XSS for me.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
---
 .../intranet-tmpl/prog/en/modules/members/memberentrygen.tt     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt
index 3e71d14367..04d3b6ea50 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt
@@ -413,7 +413,7 @@ $(document).ready(function() {
  [% ELSE %]
  <li id="contact-details" style="display: none">
  [% END %]
-     <span class="label">Patron #:</span> [% IF ( guarantorid ) %] <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% guarantorid %]" target="blank">[% guarantorid %]</a>[% END %]
+     <span class="label">Patron #:</span> [% IF ( guarantorid ) %] <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% guarantorid %]" target="blank">[% guarantorid |html %]</a>[% END %]
  </li>
         [% UNLESS nocontactname %]
  <li>
-- 
2.39.2