From fabd0f82c11521fcde8f699bf0fa7ead362ea5a7 Mon Sep 17 00:00:00 2001 From: Amit Gupta Date: Tue, 15 Aug 2017 19:51:48 +0530 Subject: [PATCH] Bug 19112 - Stored XSS in basketheader.pl page To Test 1. Hit the page /cgi-bin/koha/acqui/basketheader.pl?booksellerid=1&op=add_form 2. Add a text in the field Basket name, Internal note, Vendor note that contains java script 3. Save the page 4. Notice js is execute 5. Apply patch, reload, js is escaped. Fixed XSS on pages basket.pl/basketheader.pl/bookseller.pl Signed-off-by: Katrin Fischer Signed-off-by: Marcel de Rooy --- koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt | 4 ++-- .../intranet-tmpl/prog/en/modules/acqui/basketheader.tt | 8 ++++---- .../intranet-tmpl/prog/en/modules/acqui/booksellers.tt | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt
index 2695796dc2..47a5e57f0f 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt
@@ -323,8 +323,8 @@
    - [% IF ( basketnote ) %]
  1. Internal note: [% basketnote %]
  2. [% END %] - [% IF ( basketbooksellernote ) %]
  3. Vendor note: [% basketbooksellernote %]
  4. [% END %] + [% IF ( basketnote ) %]
  5. Internal note: [% basketnote |html %]
  6. [% END %] + [% IF ( basketbooksellernote ) %]
  7. Vendor note: [% basketbooksellernote |html %]
  8. [% END %] [% IF ( basketcontractno ) %]
  9. Contract name: [% basketcontractname %]
10. [% END %]
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basketheader.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basketheader.tt
index 5cc8cc7982..b3be24135a 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basketheader.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basketheader.tt
@@ -19,7 +19,7 @@ Acquisitions[% booksellername %] › [% IF ( add_form ) %]
- [% IF ( basketno ) %]Edit basket '[% basketname %]'
+ [% IF ( basketno ) %]Edit basket '[% basketname |html %]'
[% ELSE %]Add a basket to [% booksellername %] [% END %] [% END %]
@@ -32,7 +32,7 @@ [% IF ( add_form ) %] [% IF ( basketno ) %] -
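Review bot: `Contract name: [% basketcontractname %]`, two lines below the two notes this hunk fixes, is still emitted raw while basketnote and basketbooksellernote now pass through `|html`. A contract name is presumably operator-entered data just like the notes, so it needs the same treatment: `Contract name: [% basketcontractname |html %]`. If basketcontractname is guaranteed safe by basket.pl, a short template comment saying so would stop the next reader from flagging it. The enclosing list markup starts before and ends after the hunk.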
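Review bot: `[% booksellername %]` is left unfiltered both on the `Acquisitions › …` line and in the `Add a basket to [% booksellername %]` branch of this same hunk, even though the message says the bookseller pages are fixed; a vendor name is presumably stored input from the vendor form and should get the same filter, `Add a basket to [% booksellername |html %]`. Note also that Template Toolkit's `html` filter escapes `&`, `<`, `>` and `"` but not `'`, so the `'[% basketname |html %]'` form is only safe because it is element text, not a single-quoted attribute or script string.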

    Edit basket [% basketname %]

    +

    Edit basket [% basketname |html %]

    [% ELSE %]

    Add a basket to [% booksellername %]

    [% END %]
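Review bot: The ELSE branch of the heading, `Add a basket to [% booksellername %]`, stays raw while the IF branch directly above now filters basketname; both are page text built from stored records, so the branches should agree: `Add a basket to [% booksellername |html %]`. If booksellername is already HTML-escaped in basketheader.pl before it reaches the template, a one-line comment above the heading stating that would make the asymmetry intentional rather than suspicious. The heading markup begins before the hunk.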
    @@ -78,11 +78,11 @@
  11.   - +
  12.   - +
  13. [% IF ( contractloop ) %]
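Review bot: The two replaced lines of this hunk (the `- +` pairs at L26–L27) lost their content in this rendering, so the form-field escaping cannot be verified here; presumably they are the basket name and note input values named in the test plan. If those values are emitted inside attributes, the attributes must be double-quoted, because Template Toolkit's `html` filter does not escape `'` — a `value='[% basketname |html %]'` would still be breakable with a stored single quote. The enclosing form starts before and ends after the hunk.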
14.
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt
index ff92a913d6..60c593d0b2 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tt
@@ -122,7 +122,7 @@ $(document).ready(function() { [% END %] [% basket.basketno %]
- [% basket.basketname %]
+ [% basket.basketname |html %]
[% basket.total_items %] [% IF basket.total_items_cancelled %]
-- 2.39.5
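Review bot: The commit's test plan only exercises basketheader.pl, so the escaped basket name in this booksellers.tt listing has no verification step; add one such as `6. Open /cgi-bin/koha/acqui/booksellers.pl?booksellerid=1 and confirm the basket name from step 2 renders as text, not script`. The neighbouring `[% basket.basketno %]` and `[% basket.total_items %]` are left unfiltered, which is fine only as long as they are numeric values from the database — this hunk does not show that, so it is worth confirming in booksellers.pl. The table row markup begins before the hunk.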