From c47c835672a8fcd8c7df79663443f01639fc7657 Mon Sep 17 00:00:00 2001 From: Chris Cormack Date: Thu, 26 May 2016 21:33:33 +1200 Subject: [PATCH] Bug 16597: Fix XSS in opac-shareshelf To test 1/ Go to /cgi-bin/koha/opac-shareshelf.pl?op=">&shelfnumber=5 2/ Notice you see a js alert 3/ Apply patch 4/ It is gone Reported by Alex Middleton at Dionach Signed-off-by: Chris Cormack Signed-off-by: Marcel de Rooy Signed-off-by: Brendan Gallagher --- koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shareshelf.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shareshelf.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shareshelf.tt index fe4179b868..8ac96dba4f 100644 --- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shareshelf.tt +++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shareshelf.tt @@ -32,7 +32,7 @@
[% IF errcode %] - [% IF errcode==1 && op %]
The operation [% op %] is not supported.
[% END %] + [% IF errcode==1 && op %]
The operation [% op | html %] is not supported.
[% END %] [% IF errcode==1 && !op %]
No operation parameter has been passed.
[% END %] [% IF errcode==2 %]
Invalid shelf number.
[% END %] [% IF errcode==3 %]
The feature of sharing lists is not in use in this library.
[% END %] -- 2.39.5
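Review bot: In the `errcode==1 && op` branch, `[% op | html %]` closes the reflected XSS for this one output, but the protection depends on every template expression carrying its own filter. The other branches visible in this hunk emit only static text, so nothing else here needs the filter. Any use of `op` or `shelfnumber` in parts of opac-shareshelf.tt that this hunk does not show should be checked for the same missing `| html`. The `html` filter suits this context because the value lands in element text; it would not be enough if the value were placed in an unquoted attribute or a URL. Consider also whether the rejected `op` value needs to be echoed at all, since the message could simply read "The operation is not supported." The test plan in the commit message is manual, so a regression test asserting that the parameter is rendered escaped would keep this from reappearing.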