git.koha-community.org Git - koha.git/commit

Bug 19110 - XSS Stored in branches.pl

To Test
1. Hit the page /cgi-bin/koha/admin/branches.pl?op=add_form_category
2. Add a text in the field Name and description that contains js.
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Fixed for js escaped execute for both pages

1. /cgi-bin/koha/admin/branches.pl?op=delete_confirm&branchcode=xx
xx is branchcode
2. /cgi-bin/koha/admin/branches.pl?op=add_form with Group(s):

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

author	Amit Gupta <amit.gupta@informaticsglobal.com>
	Tue, 15 Aug 2017 09:30:55 +0000 (15:00 +0530)
committer	Jonathan Druart <jonathan.druart@bugs.koha-community.org>
	Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)
commit	d4b588aca834a94ed9fa6b5af2f8b1c1cbed2667
tree	78eaa89d0c13851eb3f7497876a426eeab5ce206	tree \| snapshot
parent	73a66ccaf47f8815bbe74326dbe24dba915456fb	commit \| diff