From ebc7b2a033d7a80e09dbb0cb51c83029f505d3fc Mon Sep 17 00:00:00 2001 From: Chris Date: Sun, 21 Jun 2015 08:18:20 +0000 Subject: [PATCH] Bug 14423 : XSS bug in lateorders 1/ hit a url like http://localhost:8081/cgi-bin/koha/acqui/lateorders.pl?delay=&estimateddeliverydatefrom 2/ Not you get an alert box 3/ Apply patch notice it is fixed 4/ Test functionality still works Signed-off-by: Jonathan Druart Signed-off-by: Katrin Fischer Signed-off-by: Chris Cormack (cherry picked from commit 66dc4a9e7d2f11b97f1a4b0f76b5c485c3873683) Signed-off-by: Fridolin Somers --- koha-tmpl/intranet-tmpl/prog/en/modules/acqui/lateorders.tt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/lateorders.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/lateorders.tt index c76cf2d709..ba11284ecb 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/lateorders.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/lateorders.tt @@ -93,7 +93,7 @@ $(document).ready(function() { [% IF ( lateorders ) %]
- + [% IF ( letters ) %]

days ago +

  • days ago
  • [% INCLUDE 'date-format.inc' %]
    -- 2.39.5