git.koha-community.org Git - koha.git/commit
Bug 14423 : XSS bugs in catalogue search
author Chris <chris@bigballofwax.co.nz>
Sun, 21 Jun 2015 09:01:32 +0000 (09:01 +0000)
committer Mason James <mtj@kohaaloha.com>
Tue, 23 Jun 2015 03:30:08 +0000 (15:30 +1200)
commit fce867ca00ca89f5253f909171f108366b33de28
tree e2183501226086ac6e80f0d93572c24f49bcd604
parent 3336fbf142e6a8cfc767fdf137b9a437a83ddce0
Bug 14423 : XSS bugs in catalogue search

To test

1/ hit a url like http://localhost:8081/cgi-bin/koha/catalogue/search.pl?limit=%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice alert boxes
3/ Apply patch
4/ Reload url, no alerts
5/ Check search still works

Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt