]> git.koha-community.org Git - koha.git/commit
Bug 19127 - Stored XSS in csv-profiles.pl
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Wed, 16 Aug 2017 12:26:17 +0000 (17:56 +0530)
committerFridolin Somers <fridolin.somers@biblibre.com>
Tue, 19 Sep 2017 13:59:07 +0000 (15:59 +0200)
commit9b4777878f59c7a0c3653f54b6a2cff85bb278a8
tree960a3eaa73263236396b8631ac2d59e67d1e25cd
parentd5c7edc55da6aaf78d25d131ebb35ab659a0084d
Bug 19127 - Stored XSS in csv-profiles.pl

To Test
1. Hit the page /cgi-bin/koha/tools/csv-profiles.pl?op=add_form
2. Add a text in the field Profile name, Profile description
   and Profile MARC fields that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 7a3ee2dd8cb233d083d8a7b8636eca7c6d518b8b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
koha-tmpl/intranet-tmpl/prog/en/modules/tools/csv-profiles.tt