git.koha-community.org Git - koha.git/commit

author	Amit Gupta <amit.gupta@informaticsglobal.com>
	Tue, 15 Aug 2017 14:21:48 +0000 (19:51 +0530)
committer	Mason James <mtj@kohaaloha.com>
	Thu, 24 Aug 2017 06:05:20 +0000 (18:05 +1200)
commit	944c4ffcb659487fb30c0b9bdb6ac50ce7a3dfe1
tree	149320de89be8c157edb2ff7e4bb972ab2a8c7a4	tree \| snapshot
parent	347200ab659a4698e2b147b335650a8d455f7b5b	commit \| diff

Bug 19112 - Stored XSS in basketheader.pl page

To Test

1. Hit the page /cgi-bin/koha/acqui/basketheader.pl?booksellerid=1&op=add_form
2. Add a text in the field Basket name, Internal note, Vendor note that contains java script
3. Save the page
4. Notice js is execute
5. Apply patch, reload, js is escaped.

Fixed XSS on pages basket.pl/basketheader.pl/bookseller.pl

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>

koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt		diff \| blob \| history
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basketheader.tt		diff \| blob \| history
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt		diff \| blob \| history