]> git.koha-community.org Git - koha.git/commit
Bug 14423: XSS bug in lateorders
authorChris <chris@bigballofwax.co.nz>
Sun, 21 Jun 2015 08:18:20 +0000 (08:18 +0000)
committerTomas Cohen Arazi <tomascohen@theke.io>
Tue, 23 Jun 2015 13:11:57 +0000 (10:11 -0300)
commit3601c6fb1b19ef52cf441b473b34d98a17bc887a
tree1002d2e074d422f10ec2a1ebce055f5d58688e6a
parent98901d27be4cf6fd6210ebb32b9cddf2fcd827a0
Bug 14423: XSS bug in lateorders

1/ hit a url like http://localhost:8081/cgi-bin/koha/acqui/lateorders.pl?delay=<script>alert('oh noes')</script>&estimateddeliverydatefrom
2/ Not you get an alert box
3/ Apply patch notice it is fixed
4/ Test functionality still works

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/lateorders.tt