From c20974570d5198c5c4326e8af977e525f43d9e62 Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Thu, 20 May 2021 08:34:48 +0200
Subject: [PATCH] Bug 20982: Sanitize category to prevent XSS on opac-shelves.pl

== Test plan ==
1. Go to http://localhost:8080/cgi-bin/koha/opac-shelves.pl?category=function(){window.location.href%20=%20%27https://git.koha-community.org/stats/koha-master/authors.html%27}()
2. Note that you are redirected to another website
3. Apply the patch & restart services
4. Repeat the above and you are not redirected

Signed-off-by: Victor Grousset/tuxayo
Signed-off-by: David Cook
Signed-off-by: Andrew Fuerste-Henry
---
 koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt | 2 +-
 opac/opac-shelves.pl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt
index 46cbf0fedb..a3c65f24b7 100644
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt
@@ -1040,7 +1040,7 @@ function AdjustRemark() {
 if( $("#category").length > 0 ) {
 category = $("#category").val();
 } else {
- category = [% category | html %];
+ category = "[% category | html %]";
 }
 var perms = $("#allow_changes_from").val();
diff --git a/opac/opac-shelves.pl b/opac/opac-shelves.pl
index 180d0d2701..4c9295fec9 100755
--- a/opac/opac-shelves.pl
+++ b/opac/opac-shelves.pl
@@ -428,7 +428,7 @@ $template->param(
 referer => $referer,
 shelf => $shelf,
 messages => \@messages,
- category => $category,
+ category => ($category == 1 || $category == 2) ? $category : "",
 print => scalar $query->param('print') || 0,
 listsview => 1,
 );
-- 
2.39.5
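Review bot: The `html` filter on the new `category = "[% category | html %]";` line is an HTML-context escape being relied on inside a JavaScript string literal: it neutralises `"`, `<` and `&`, so the literal cannot be terminated and the script element cannot be closed, but it leaves backslashes and line breaks untouched, so a value containing a newline would still break the script's syntax rather than be escaped. That is acceptable here only because the Perl side of this patch narrows the value to 1, 2 or empty, and that dependency deserves a comment above the line: `// category is "1", "2" or "" from opac-shelves.pl; quoted so the template value is always a JS string literal, never evaluated`. Quoting also makes this branch consistent with the other branch, where `$("#category").val()` already yields a string. AdjustRemark's body starts and ends outside the hunk.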
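Review bot: The numeric comparison on the new `category =>` line accepts any string that numifies to 1 or 2 — for example `1abc`, `1e0` or ` 2` — and then passes the original, unnormalised string through to the template, and under `use warnings` every non-numeric value emits an "isn't numeric" warning (an "uninitialized" one when the parameter is absent). An anchored string match keeps exactly the two literal values and warns on nothing: `category => ( defined $category && $category =~ /\A[12]\z/ ) ? $category : "",`. The template escapes and quotes the value, so this is a robustness and log-noise point rather than a bypass; where `$category` is read from the request is outside the hunk, and the `$template->param(` call begins before it.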