git.koha-community.org Git - koha.git/commit

author	Aleisha <aleishaamohia@hotmail.com>
	Mon, 8 Jun 2015 02:30:23 +0000 (02:30 +0000)
committer	Liz Rea <wizzyrea@gmail.com>
	Tue, 16 Jun 2015 01:19:40 +0000 (13:19 +1200)
commit	20213b7d5c2d4a13e01c27969fc184e0c21ec3ae
tree	f483591f157dabdf9053fcbf867fd474926955f7	tree \| snapshot
parent	817e8f298f60279cc5c49fc0bc3bbea39f882dce	commit \| diff

Bug 14360: Unescaped variable causes alert

Adding |html to [% resultsperpage %] to escape the variable and get rid of the alert.

To test:

1) Go to URL such as ... /cgi-bin/koha/opac-authorities-home.pl?op=do_search&resultsperpage=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
2) Notice pop-up box with alert
3) Apply patch, refresh page
4) Notice alert is gone

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
(cherry picked from commit 9e920f7479df6d36db3e3450d6e6c2524fa9fe56)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Liz Rea <wizzyrea@gmail.com>