Bug 19086: Fix Stored XSS in subscription-add.pl
author Amit Gupta <amit.gupta@informaticsglobal.com>
Mon, 14 Aug 2017 21:14:11 +0000 (02:44 +0530)
committer Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Fri, 29 Sep 2017 15:20:45 +0000 (12:20 -0300)
commit ec86950780e908f5b2a5d53e21cffede6d570b08
tree 9c17124a42f15d0d6b48f1b61aee7d4595856674
parent 6d22674da5062cc61b6bd8667f8fb5775f71b05a
Bug 19086: Fix Stored XSS in subscription-add.pl

To Test
1. Hit the page /cgi-bin/koha/serials/subscription-add.pl
2. Add a text in the field Public note and Nonpublic note
   that contains js (Internalnotes, notes)
2. Save the page.
3. Notice js is executed
4. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/modules/serials/subscription-detail.tt
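
A regression check for the kind of template this commit touches, added here as an example (not code from the Koha project): it lists Template Toolkit directives that print a variable with no filter applied. It assumes the escaping is done with TT's `html` filter, which the commit message does not state; the two template snippets are constructed, using the field names from the test plan.

```python
import re

# A Template Toolkit directive: [% ... %], with optional chomp flags (-, +, ~, =).
DIRECTIVE = re.compile(r"\[%[-+~=]?\s*(.*?)\s*[-+~=]?%\]", re.S)
# A bare variable reference such as notes or subscription.notes:
# no keyword, no arguments, and no "| filter" part.
BARE_VAR = re.compile(r"^[A-Za-z_]\w*(?:\.\w+)*$")
# TT keywords that can stand alone in a directive and print no variable.
KEYWORDS = {"END", "ELSE", "STOP", "RETURN", "CLEAR", "NEXT", "LAST", "BREAK"}

# Constructed snippets (not the real subscription-detail.tt).
# BEFORE prints the two note fields raw; AFTER assumes the `html` filter.
BEFORE = """<li><span class="label">Nonpublic note:</span> [% internalnotes %]</li>
<li><span class="label">Public note:</span> [% notes %]</li>
[% IF ( closed ) %]<p>Closed</p>[% END %]
"""
AFTER = """<li><span class="label">Nonpublic note:</span> [% internalnotes | html %]</li>
<li><span class="label">Public note:</span> [% notes | html %]</li>
[% IF ( closed ) %]<p>Closed</p>[% END %]
"""


def unescaped_outputs(template):
    """Return (line_number, variable) for every directive that prints a
    variable with no filter at all.

    Limitation: this only proves that *some* filter is absent. Review each
    hit by hand, since a value may be escaped earlier or be meant as markup.
    """
    findings = []
    for m in DIRECTIVE.finditer(template):
        body = m.group(1)
        if BARE_VAR.match(body) and body not in KEYWORDS:
            line = template.count("\n", 0, m.start()) + 1
            findings.append((line, body))
    return findings


if __name__ == "__main__":
    for name, tmpl in (("before", BEFORE), ("after", AFTER)):
        print(name, unescaped_outputs(tmpl))
```
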