From 2d308456010745b90bcd99f40d56db0fcd9cad65 Mon Sep 17 00:00:00 2001 From: Katrin Fischer Date: Wed, 16 Aug 2017 12:05:50 +0200 Subject: [PATCH] Bug 19125: Fix Stored XSS in members.pl In preparation to test this patch: - Add a patron list named - Add a library named - Add a patron category named To test: - Access patron search page and do a search - Verify that the alerts added above are executed - Apply patch - Verify that no alerts are displayed Signed-off-by: Amit Gupta Signed-off-by: Marcel de Rooy Signed-off-by: Jonathan Druart --- koha-tmpl/intranet-tmpl/prog/en/includes/html_helpers.inc | 2 +- koha-tmpl/intranet-tmpl/prog/en/includes/patron-search.inc | 6 +++--- koha-tmpl/intranet-tmpl/prog/en/includes/patron-toolbar.inc | 4 ++-- koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt | 6 +++--- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/html_helpers.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/html_helpers.inc index 4e970c7980..089680f25a 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/html_helpers.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/html_helpers.inc @@ -3,7 +3,7 @@ [% IF l.selected %] [% ELSE %] - + [% END%] [% END %] [% END %] diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/patron-search.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/patron-search.inc index ad82db303c..a10fc2fb7e 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/patron-search.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/patron-search.inc @@ -94,7 +94,7 @@ [% IF b.selected %] [% ELSE %] - + [% END %] [% END %] @@ -107,9 +107,9 @@ [% FOREACH category IN categories %] [% IF category.categorycode == categorycode_filter %] - + [% ELSE %] - + [% END %] [% END %] diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/patron-toolbar.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/patron-toolbar.inc index a4a4051a90..c57910bcb3 100644 
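Review bot: Only the `[% ELSE %]` branch is changed in the html_helpers.inc hunk (`[% IF l.selected %]`) and in the first patron-search.inc hunk (`[% IF b.selected %]`), so the option emitted for the currently selected library is untouched, whereas the category hunk at -107 changes both branches. The option markup is not visible in this copy of the patch, so this needs confirming against the templates. If the selected branch prints the library name without Template Toolkit's `| html` filter, a stored name still reaches the page unescaped whenever that library is the selected one. In that case the selected-branch line needs the same filter as the line changed here, and the test plan should repeat the search with the crafted library preselected.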
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/patron-toolbar.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/patron-toolbar.inc
@@ -7,14 +7,14 @@
[% IF Koha.Preference('PatronQuickAddFields') || Koha.Preference('BorrowerMandatoryField') %]
[% END %] diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt index 73598d8e7c..0c5e044d86 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt @@ -373,7 +373,7 @@ function filterByFirstLetterSurname(letter) { [% IF patron_lists %] [% FOREACH pl IN patron_lists %] - + [% END %] [% END %] @@ -497,9 +497,9 @@ function filterByFirstLetterSurname(letter) { [% FOREACH cat IN categories %] [% IF cat.categorycode == categorycode_filter %] - + [% ELSE %] - + [% END %] [% END %] -- 2.39.5