From a8877cea3bb5d329f1eb466ea282977d4888d7e4 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Wed, 14 Aug 2019 13:31:53 -0400 Subject: [PATCH] Bug 23451: [18.11.x] Prevent XSS vulnerabilities in opac-imageviewer.pl And certainly in other sripts as it is in opac-bottom.inc Signed-off-by: Liz Rea Signed-off-by: Nick Clemens Signed-off-by: Lucas Gass --- koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-bottom.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-bottom.inc b/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-bottom.inc
index 8b8d9ddf6e..d528879d24 100644
--- a/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-bottom.inc
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-bottom.inc
@@ -195,7 +195,7 @@ $.widget.bridge('uitooltip', $.ui.tooltip);
 return false;
 });
 $("#ulactioncontainer > ul > li > a.addtoshelf").on("click",function(){
- Dopop('opac-addbybiblionumber.pl?biblionumber=[% biblionumber | html %]');
+ Dopop('opac-addbybiblionumber.pl?biblionumber=[% biblionumber | uri %]');
 return false;
 });
 $("body").on("click", ".addtocart", function(e){
-- 2.39.5
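Review bot: The new `[% biblionumber | uri %]` on the `Dopop(...)` line sits inside a single-quoted JavaScript string as well as a query string, so the filter has to be safe for both contexts. Whether Template Toolkit's `uri` filter percent-encodes `'` depends on the installed version (older releases follow the RFC 2396 unreserved set and leave it alone); this cannot be confirmed from the hunk, so it is worth checking on the Template Toolkit versions that 18.11.x supports. Because a biblionumber is presumably an integer and the commit message says this include is reached from other scripts too, I would also have the callers reject non-numeric values before they reach the template. A template comment above the line would help as well, for example `[%# biblionumber lands in a JS string and a URL: keep it uri-filtered, never raw %]`. The enclosing script block starts and ends outside the hunk.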