From f6e0a619d974fe002ec6a920206c7bc2808bce26 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Tue, 2 Aug 2016 14:06:41 +0100 Subject: [PATCH] Bug 17023: Fix XSS in cataloguing/z3950_search.pl Test plan: Enter the following in the different inputs: => Without this patch you will see the alert => With this patch, no more alert Signed-off-by: Chris Cormack Signed-off-by: Katrin Fischer Signed-off-by: Brendan Gallagher --- .../en/modules/cataloguing/z3950_search.tt | 58 +++++++++---------- 1 file changed, 29 insertions(+), 29 deletions(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/z3950_search.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/z3950_search.tt
index f20a49d1ab..c7bc15af06 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/z3950_search.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/z3950_search.tt
@@ -70,10 +70,10 @@ tr.selected { background-color : #FFFFCC; } tr.selected td { background-color :
    -
  1. -
  2. +
  3. +
  4. -
  5. +
  6. @@ -82,8 +82,8 @@ tr.selected { background-color : #FFFFCC; } tr.selected td { background-color :
  7. Clear search form
- - + +

Search targets Select all | Clear all

@@ -108,16 +108,16 @@ tr.selected { background-color : #FFFFCC; } tr.selected td { background-color : [% ELSE %]

Results

You searched for:
- [% IF ( title ) %]Title: [% title %] [% END %]
- [% IF ( author ) %]Author: [% author %] [% END %]
- [% IF ( isbn ) %]ISBN: [% isbn %] [% END %]
- [% IF ( issn ) %]ISSN: [% issn %] [% END %]
- [% IF ( lccall ) %]LC call number: [% lccall %] [% END %]
- [% IF ( subject ) %]Subject heading: [% subject %] [% END %]
- [% IF ( controlnumber ) %]Control no: [% controlnumber %] [% END %]
- [% IF ( dewey ) %]Dewey: [% dewey %] [%END %]
- [% IF ( srchany ) %]Raw (any): [% srchany %] [% END %]
- [% IF ( stdid ) %]Standard ID: [% stdid %] [% END %]
+ [% IF ( title ) %]Title: [% title | html %] [% END %]
+ [% IF ( author ) %]Author: [% author | html %] [% END %]
+ [% IF ( isbn ) %]ISBN: [% isbn | html %] [% END %]
+ [% IF ( issn ) %]ISSN: [% issn | html %] [% END %]
+ [% IF ( lccall ) %]LC call number: [% lccall | html %] [% END %]
+ [% IF ( subject ) %]Subject heading: [% subject | html %] [% END %]
+ [% IF ( controlnumber ) %]Control no: [% controlnumber | html %] [% END %]
+ [% IF ( dewey ) %]Dewey: [% dewey | html %] [%END %]
+ [% IF ( srchany ) %]Raw (any): [% srchany | html %] [% END %]
+ [% IF ( stdid ) %]Standard ID: [% stdid | html %] [% END %]

[% IF ( errconn ) %]
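Review bot: `[%END %]` on the Dewey line (`[% IF ( dewey ) %]Dewey: [% dewey | html %] [%END %]`) is the only directive in this hunk written without the space the other nine use; write `[% END %]` so the block reads uniformly (Template Toolkit accepts both). The `| html` filter is the right choice for these ten echoes, since the search terms land in element text rather than in an attribute or URL. The same variables are presumably also written into the form's input values earlier in the file and into the hidden inputs of the -181 hunk; the markup of those hunks is stripped in this view, so I cannot confirm they received the same filter.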
@@ -151,7 +151,7 @@ tr.selected { background-color : #FFFFCC; } tr.selected td { background-color : [% IF ( breeding_loo.breedingid ) %] - [% breeding_loo.server %] + [% breeding_loo.server %] [% breeding_loo.title |html %] [% breeding_loo.author %] [% breeding_loo.date %] @@ -160,7 +160,7 @@ tr.selected { background-color : #FFFFCC; } tr.selected td { background-color : [% breeding_loo.lccn %] MARC Card - Import + Import [% END %] [% END %] @@ -181,17 +181,17 @@ tr.selected { background-color : #FFFFCC; } tr.selected td { background-color :
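Review bot: `[% breeding_loo.author %]` and `[% breeding_loo.date %]` (context lines of the -151 hunk) and `[% breeding_loo.lccn %]` (-160 hunk) are still rendered without `| html`, while the neighbouring `[% breeding_loo.title |html %]` is escaped; these fields presumably come back from the remote Z39.50 target's records, so a hostile or compromised target can inject markup through them as easily as through the title. Change them to `[% breeding_loo.author | html %]`, `[% breeding_loo.date | html %]` and `[% breeding_loo.lccn | html %]`. The attribute actually changed by the `- [% breeding_loo.server %]` / `+ [% breeding_loo.server %]` pair and by the `Import` link is not visible once markup is stripped; if the new filter sits on an `href` or other URL-bearing attribute, `| uri` is the correct filter there, with `| html` reserved for attribute text. The loop that populates breeding_loo begins outside the hunk.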
- - - - - - - - - - - + + + + + + + + + + + [% FOREACH server IN servers %] @@ -210,7 +210,7 @@ tr.selected { background-color : #FFFFCC; } tr.selected td { background-color : [% ELSE %]
Nothing found.
[% END %] -

+

[% END %] -- 2.39.5