From 44ccf758fe94bb105c57866411a5aba5cde5f610 Mon Sep 17 00:00:00 2001 From: Amit Gupta Date: Fri, 11 Aug 2017 21:08:14 +0530 Subject: [PATCH] Bug 19079 - XSS Flaws in Membership page 1. Hit /cgi-bin/koha/members/moremember.pl?borrowernumber=xx. xx - is a borrowernumber 2. Notice the java script is executed. 4. Apply patch. 5. Reload page, and hit the page again /cgi-bin/koha/members/moremember.pl?borrowernumber=xx. xx - is a borrowernumber. 6. Notice it is no longer executed. Signed-off-by: Chris Cormack Signed-off-by: Jonathan Druart Signed-off-by: Jonathan Druart (cherry picked from commit 4f48532c4f3bede64533af6415e507640e2ed6e0) Signed-off-by: Fridolin Somers
---
 members/moremember.pl | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/members/moremember.pl b/members/moremember.pl
index 0649dcfd76..ad71dfc9a8 100755
--- a/members/moremember.pl
+++ b/members/moremember.pl
@@ -36,6 +36,7 @@
 use strict;
 #use warnings; FIXME - Bug 2505
 use CGI qw ( -utf8 );
+use HTML::Entities;
 use C4::Context;
 use C4::Auth;
 use C4::Output;
@@ -116,6 +117,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
 } );
 my $borrowernumber = $input->param('borrowernumber');
+$borrowernumber = HTML::Entities::encode($borrowernumber);
 my $error = $input->param('error');
 $template->param( error => $error ) if ( $error );
-- 2.39.5
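Review bot: In the second hunk of members/moremember.pl, `HTML::Entities::encode($borrowernumber)` escapes the parameter at input time, so every later use of `$borrowernumber` in the script (presumably lookups and template values) receives the entity-encoded string rather than the submitted value, and any template that also escapes on output would double-encode it. Since the commit message describes the parameter as a borrower number, validating it is the tighter fix, for example `$borrowernumber = undef unless defined $borrowernumber && $borrowernumber =~ /\A[0-9]+\z/;`, with HTML escaping left to the template at the point of output; how the script should handle a rejected value is outside the hunk. The `error` parameter on the following context lines is still passed to the template unmodified, so it is worth confirming that the template escapes it where it is rendered. The script body continues outside the hunk.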