Bug 14423: XSS issues in marc_subfields_structure
author Chris <chris@bigballofwax.co.nz>
Sun, 21 Jun 2015 08:46:40 +0000 (08:46 +0000)
committer Chris Cormack <chrisc@catalyst.net.nz>
Sun, 12 Jul 2015 21:32:01 +0000 (09:32 +1200)
commit d96b9c1ca2594f98c577bbdf7079dbb0f9581853
tree 028a51432a35edc6f64a1505e3d197ce13afbc25
parent 24aac1c17423a86e9936e64e37b4a500025b3b9a
Bug 14423: XSS issues in marc_subfields_structure

1/ Hit a url like http://localhost:8081/cgi-bin/koha/admin/marc_subfields_structure.pl?op=add_form&tagfield=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice all the alert boxes
3/ Apply patch
4/ Reload page, no more alerts
5/ Test functionality still works

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 91a8584aa845fb1695a46fe3b89197f7d1365d94)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
koha-tmpl/intranet-tmpl/prog/en/modules/admin/marc_subfields_structure.tt
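
Steps 2 and 4 of the test plan can be checked without a browser. The following is an added example, not code from this commit or from Koha: the diff is not shown on this page, so the template fragments and the use of Template Toolkit's `html` filter as the fix are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example (not Koha code): render the tagfield value from the test plan
# through a Template Toolkit fragment with and without the html filter, then
# check whether the value escaped its attribute.
use strict;
use warnings;
use Template;
use URI::Escape qw(uri_unescape);

# tagfield query value from step 1 of the test plan, still URL-encoded.
my $encoded  = '%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E';
my $tagfield = uri_unescape($encoded);

# Hypothetical fragments: the real marc_subfields_structure.tt markup is not
# on this page. The value is placed inside a double-quoted attribute.
my %templates = (
    unfiltered => '<input type="hidden" name="tagfield" value="[% tagfield %]" />',
    filtered   => '<input type="hidden" name="tagfield" value="[% tagfield | html %]" />',
);

my $tt = Template->new() or die Template->error();

# Render one fragment with the request parameter as the only variable.
sub render {
    my ($name) = @_;
    my $out = '';
    $tt->process( \$templates{$name}, { tagfield => $tagfield }, \$out )
        or die $tt->error();
    return $out;
}

# The fragment has three attributes, so a safe rendering contains exactly six
# raw double quotes and no script element contributed by the parameter.
sub is_injectable {
    my ($html) = @_;
    my $quotes = () = $html =~ /"/g;
    return ( $html =~ /<script/i || $quotes != 6 ) ? 1 : 0;
}

for my $name (qw(unfiltered filtered)) {
    my $html = render($name);
    printf "%-10s %-10s %s\n", $name,
        ( is_injectable($html) ? 'INJECTABLE' : 'ok' ), $html;
}
```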