From 1a7040b7b0596a25a988568f0da0b47dd12c9f28 Mon Sep 17 00:00:00 2001 From: Amit Gupta Date: Mon, 7 Aug 2017 22:34:05 +0530 Subject: [PATCH] Bug 19054 - XSS Flaws in Report - Top Most-circulated items 1. Hit /cgi-bin/koha/reports/cat_issues_top.pl 2. Enter in Callnumber, Day, Month, Year search box. 3. Notice the iframe is executed. 4. Apply patch. 5. Reload page, and enter iframe again on Callnumber, Day, Month, Year search box. 6. Notice it is no longer executed. Signed-off-by: Chris Cormack Signed-off-by: Marcel de Rooy Signed-off-by: Jonathan Druart
---
.../intranet-tmpl/prog/en/modules/reports/cat_issues_top.tt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/reports/cat_issues_top.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/reports/cat_issues_top.tt
index 7365de18e6..555ea64eb7 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/reports/cat_issues_top.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/reports/cat_issues_top.tt
@@ -59,7 +59,7 @@
[% IF ( mainloo.loopfilter ) %]

Filtered on:

[% FOREACH loopfilte IN mainloo.loopfilter %] -

[% IF ( loopfilte.err ) %] [% END %] [% loopfilte.crit %] =[% loopfilte.filter %][% IF ( loopfilte.err ) %] [% END %]

+

[% IF ( loopfilte.err ) %] [% END %] [% loopfilte.crit %] =[% loopfilte.filter |html %][% IF ( loopfilte.err ) %] [% END %]

[% END %] [% END %] -- 2.39.5
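Review bot: The new line still emits `[% loopfilte.crit %]` unescaped immediately before the now-filtered `[% loopfilte.filter |html %]`, so the fix only holds if `crit` never carries request data — presumably it is a label assigned by the script, but that cannot be verified from the template, and cat_issues_top.pl is not part of this patch (the diffstat shows one file changed). Since the test plan shows the neighbouring value is taken straight from the Callnumber/Day/Month/Year inputs, escaping both sides of the `=` costs nothing and removes the dependency on the script: `[% loopfilte.crit | html %] =[% loopfilte.filter | html %]`. Note also that the `html` filter is adequate only for element content, which this interpolation appears to be; if the same `filter` value is rendered inside an attribute, a URL, or a script block elsewhere in the template, that site needs a context-appropriate filter (e.g. `uri`) rather than `html`. The FOREACH/IF block is fully inside the hunk, but the rest of the report's output is not, so other interpolations of the same request parameters may remain unescaped.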