]> git.koha-community.org Git - koha.git/commit
Bug 19035 - Stored XSS in lists.pl
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Tue, 15 Aug 2017 03:03:41 +0000 (08:33 +0530)
committerKatrin Fischer <katrin.fischer.83@web.de>
Sun, 20 Aug 2017 13:35:59 +0000 (15:35 +0200)
commita2aaa3383e531839a06e71d90ce8fb9f753a8561
tree9c7b734c47ec3061f67ac3baab371bfd1bf80809
parent7ffc92ca2dc07e56f13a8d18f86ac373a90a2c84
Bug 19035 - Stored XSS in lists.pl

To Test
1. Hit the page /cgi-bin/koha/patron_lists/lists.pl
2. Click on new patron list
3. Add a text in the field Name that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Fixed in both the pages list.pl and list.pl?patron_list_id=xx
xx is patronlist id

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
koha-tmpl/intranet-tmpl/prog/en/modules/patron_lists/list.tt
koha-tmpl/intranet-tmpl/prog/en/modules/patron_lists/lists.tt