From 344033c32490df3e396ed530dcbf250086483371 Mon Sep 17 00:00:00 2001 From: Chris Cormack Date: Thu, 26 May 2016 21:06:18 +1200 Subject: [PATCH] Bug 16597: Fix XSS in opac-shelves.pl To test 1/ Hit /cgi-bin/koha/opac-shelves.pl?shelfnumber=5&category=1&op=edit_form&referer="> 2/ Notice JS is executed 3/ Apply patch 4/ Notice it's fixed This bug reported by Alex Middleton at Dionach Signed-off-by: Chris Cormack Signed-off-by: Marcel de Rooy Signed-off-by: Brendan Gallagher --- koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt index ab704abe62..4050672dbd 100644 --- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt +++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt @@ -549,7 +549,7 @@ [% ELSE %] Editing [% shelf.shelfname |html %] - + [% END %] -- 2.39.5
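Review bot: only one line is changed, in the `[% ELSE %]` (edit form) branch at @@ -549,7 +549,7 of opac-shelves.tt, and the test plan only exercises `op=edit_form`, so the branch before `[% ELSE %]` is neither touched nor tested. Please confirm that every other place in this template that emits the `referer` parameter is escaped in the same way, for example with the `|html` filter that the context line already uses for `shelf.shelfname`. If the other branch also outputs `referer`, it should be fixed in this patch, with a matching step added to the test plan so that the sign-offs cover both forms.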