From c57d0b71c7b9bac44cd79c822e3009136bbf25fe Mon Sep 17 00:00:00 2001 From: Amit Gupta Date: Mon, 7 Aug 2017 20:49:56 +0530 Subject: [PATCH] Bug 19050 - XSS Flaws in Quick spine label creator 1. Hit /cgi-bin/koha/labels/spinelabel-home.pl 2. Enter barcode text box. 3. Notice the iframe is executed 4. Apply patch 5. Reload page, and enter iframe again on barcode text box. 6. Notice it is no longer executed Signed-off-by: Chris Cormack Signed-off-by: Marcel de Rooy Signed-off-by: Jonathan Druart --- .../intranet-tmpl/prog/en/modules/labels/spinelabel-print.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/labels/spinelabel-print.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/labels/spinelabel-print.tt index 85aaae4756..47b3602395 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/labels/spinelabel-print.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/labels/spinelabel-print.tt @@ -23,7 +23,7 @@ [% IF ( BarcodeNotFound ) %] -

The barcode [% Barcode %] was not found.

+

The barcode [% Barcode |html %] was not found.

Return to spine label printer

[% ELSE %] -- 2.39.5
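Review bot: the `|html` filter is added only to the `[% Barcode %]` inside the `[% IF ( BarcodeNotFound ) %]` branch, and the diffstat (1 insertion, 1 deletion) shows nothing touched in the `[% ELSE %]` branch that follows; before merging, confirm that the success path does not also echo the user-supplied barcode text unfiltered, since the test plan only exercises the not-found case. The change itself is the right fix for the line it touches: Template Toolkit's `html` filter entity-encodes `<`, `>`, `&` and `"`, so the submitted value is rendered as text rather than parsed as markup. The commit message would benefit from stating that the input reaches the template via the `Barcode` variable from the spine label form, so a later reader knows where the untrusted value originates.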