]> git.koha-community.org Git - koha.git/commit
projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0eb03b0) | patch
Bug 19086 - Follow-up - XSS in supplier.tt
authorKatrin Fischer <katrin.fischer.83@web.de>
Wed, 16 Aug 2017 10:59:13 +0000 (12:59 +0200)
committerMason James <mtj@kohaaloha.com>
Wed, 20 Sep 2017 03:02:38 +0000 (15:02 +1200)
commit4c8e2f74d9cc8e4833dd62d9faa60437c97307ec
tree33125a7f7f6abb75c09f81947f57e2a1340b90e2tree | snapshot
parent0eb03b0817561fc37c77bf551a09d816d41c4117commit | diff
Bug 19086 - Follow-up - XSS in supplier.tt

In preparation:
Make sure you enter <script>alert("sth")</script>
in all fields of a new vendor that are not validated
and save.

1) Access vendor summary page.
2) Verify scripts are executed
3) Apply patch
4) Verify scripts are on longer executed

This works in combination with the other patches for XSS
on this bug.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/supplier.tt diff | blob | history
Main Koha release repository