From 77a8be98a47c3a424a4e81e1da25fbfed961bec3 Mon Sep 17 00:00:00 2001 From: Amit Gupta Date: Mon, 7 Aug 2017 20:49:56 +0530 Subject: [PATCH] Bug 19050 - XSS Flaws in Quick spine label creator 1. Hit /cgi-bin/koha/labels/spinelabel-home.pl 2. Enter barcode text box. 3. Notice the iframe is executed 4. Apply patch 5. Reload page, and enter iframe again on barcode text box. 6. Notice it is no longer executed Signed-off-by: Chris Cormack Signed-off-by: Marcel de Rooy Signed-off-by: Jonathan Druart (cherry picked from commit 18b6e1f5272ee4e2c4c1971a4346c1759df4b3d6) Signed-off-by: Fridolin Somers --- .../intranet-tmpl/prog/en/modules/labels/spinelabel-print.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/labels/spinelabel-print.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/labels/spinelabel-print.tt index 85aaae4756..47b3602395 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/labels/spinelabel-print.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/labels/spinelabel-print.tt @@ -23,7 +23,7 @@ [% IF ( BarcodeNotFound ) %] -

The barcode [% Barcode %] was not found.

+

The barcode [% Barcode |html %] was not found.

Return to spine label printer

[% ELSE %] -- 2.39.5
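
Review bot: The `|html` filter is added only to the `[% Barcode %]` output inside the `[% IF ( BarcodeNotFound ) %]` branch. The `[% ELSE %]` branch starts right after the visible context and is not part of this hunk, so please confirm that any other place in spinelabel-print.tt that prints `Barcode`, or other values taken from the request, is escaped the same way. A template-wide check for unfiltered `[% ... %]` output would be worth doing in this patch rather than as a follow-up. The test plan also covers only the not-found path (steps 2 and 5) and does not say what markup was typed into the barcode box. Stating the exact test input, and adding a step that views the page source to confirm the value is rendered as escaped text, would make the sign-off reproducible.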