From 858e3b2043e0eb1ce5bb9a6c36b3b87afb69ae22 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Thu, 26 May 2016 12:03:55 +0100 Subject: [PATCH] Bug 16599: Fix XSS in opac-shareshelf.pl Test plan: - Create a list with the name "" - On the shelf list, click on share => Without this patch you will see the JS alert => With this patch applied you won't see it Reported by Kaybee at Dionach Signed-off-by: Chris Cormack Signed-off-by: Marcel de Rooy Signed-off-by: Brendan Gallagher (cherry picked from commit a44a930c076fceca0f7193f488e187d9849f89b6) Signed-off-by: Julian Maurice --- koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shareshelf.tt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shareshelf.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shareshelf.tt index 8a9de13e7d..fe4179b868 100644 --- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shareshelf.tt +++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shareshelf.tt @@ -50,7 +50,7 @@
    -
  1. [% shelfname %]
  2. +
  3. [% shelfname | html %]
  4. @@ -67,7 +67,7 @@ [% ELSIF op=='conf_invite' %]
    [% IF approvedaddress %] -

    An invitation to share list [% shelfname %] will be sent shortly to [% approvedaddress %].

    +

    An invitation to share list [% shelfname | html %] will be sent shortly to [% approvedaddress %].

    [% END %] [% IF failaddress %]

    Something went wrong while processing the following addresses. Please check them. These are: [% failaddress %]

    -- 2.39.5
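Review bot: In the second hunk (@@ -67,7 +67,7 @@) the changed line now filters shelfname but still prints [% approvedaddress %] in the same sentence with no filter, and the unchanged context line a few lines below prints [% failaddress %] unfiltered as well. If either value is built from the addresses the patron types into the share form, it reaches the page the same way the list name did, so I would apply the same filter here ([% approvedaddress | html %] and [% failaddress | html %]) or state in the commit message where those values are sanitised before they reach the template. The test plan only exercises the list name, so a step that submits an address containing markup would cover these two outputs.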