From 0565a70c5cb4c8f365d64658109b4d84e8964952 Mon Sep 17 00:00:00 2001 From: Amit Gupta Date: Mon, 7 Aug 2017 21:43:56 +0530 Subject: [PATCH] Bug 19051 - XSS Flaws in - Batch item modification page 1. Hit /cgi-bin/koha/tools/batchMod.pl 2. Enter in the Barcode list (one barcode per line) text area. 3. Notice the iframe is executed. 4. Apply patch. 5. Reload page, and enter iframe again on Barcode list (one barcode per line) text area. 6. Notice it is no longer executed. 7. Fixes for both barcode and itemnumber. Signed-off-by: Chris Cormack Signed-off-by: Marcel de Rooy Signed-off-by: Jonathan Druart (cherry picked from commit 0726c79361a22051b847e9fe8668ab6faf81479a) Signed-off-by: Fridolin Somers --- koha-tmpl/intranet-tmpl/prog/en/modules/tools/batchMod-edit.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/batchMod-edit.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/batchMod-edit.tt index 2b746ab403..c25dfe4b49 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/batchMod-edit.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/batchMod-edit.tt @@ -98,7 +98,7 @@ $(document).ready(function(){ [% FOREACH notfoundbarcode IN notfoundbarcodes %] - [% notfoundbarcode.barcode %] + [% notfoundbarcode.barcode |html %] [% END %] -- 2.39.5
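Review bot: the commit message says "Fixes for both barcode and itemnumber", but the diffstat is "1 file changed, 1 insertion(+), 1 deletion(-)" and the only hunk wraps `notfoundbarcode.barcode` in `|html`; no itemnumber output is touched in this cherry-pick, so either the itemnumber change was lost in the backport or the message should say only the barcode list is fixed here. Adding `|html` is the right fix for an HTML body context (it escapes `<`, `>`, `&` and `"`, so a pasted `<iframe>` in the not-found list is rendered as text rather than executed), but the hunk header's context is `$(document).ready(function(){`, so please confirm the `[% notfoundbarcode.barcode |html %]` output sits in the page markup and not inside that script block; a value interpolated into JavaScript would need a JavaScript-string filter instead, since HTML escaping alone does not terminate a JS string safely. It would also be worth grepping the same template for other unfiltered `[% ... %]` outputs of user-supplied barcodes so they are all fixed in one pass.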