git.koha-community.org Git - koha.git/commit
Bug 19105 - XSS Stored in holidays.pl
author Amit Gupta <amit.gupta@informaticsglobal.com>
Tue, 15 Aug 2017 03:53:13 +0000 (09:23 +0530)
committer Katrin Fischer <katrin.fischer.83@web.de>
Sun, 20 Aug 2017 13:38:06 +0000 (15:38 +0200)
commit a6994fa928c3a47dc4f56493af789a2cb54b3256
tree 234b63c15c3224094b74200a0bf550e16f484c92
parent cc0033d9b6e932f3e52075776503e4956406188c
Bug 19105 - XSS Stored in holidays.pl

To Test
1. Hit the page /cgi-bin/koha/tools/holidays.pl
2. Select the date
3. Add text that contains js in the Title and Description fields
4. Save the page.
5. Notice js is executed
6. Apply patch and reload, the js is escaped

Fixed for all holidays

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
koha-tmpl/intranet-tmpl/prog/en/modules/tools/holidays.tt