Bug 16597: Fix XSS in opac-shelves.pl
author Chris Cormack <chrisc@catalyst.net.nz>
Thu, 26 May 2016 09:06:18 +0000 (21:06 +1200)
committer Brendan Gallagher <brendan@bywatersolutions.com>
Mon, 30 May 2016 11:14:03 +0000 (11:14 +0000)
commit 344033c32490df3e396ed530dcbf250086483371
tree 80f231e3aa19b30ad6b91fbbf7ea64332b0d7141
parent bb4543f7db62836b048c632a0a184acb021286ad
Bug 16597: Fix XSS in opac-shelves.pl

To test
1/ Hit /cgi-bin/koha/opac-shelves.pl?shelfnumber=5&category=1&op=edit_form&referer="><script>alert('XSS')</SCRIPT>
2/ Notice JS is executed
3/ Apply patch
4/ Notice it's fixed

This bug reported by

Alex Middleton at Dionach

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt
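
An added illustration of the test plan above, not code from the Koha patch (its diff is not shown on this page): the Perl below renders two hypothetical Template Toolkit fragments with the `referer` value from step 1, one printing the variable bare and one through TT's `html` filter, and lists directives that print a variable with no filter. The fragments and the helpers `render` and `unfiltered_directives` are assumptions made for the example; it needs the Template module from CPAN.

```perl
#!/usr/bin/perl
# Added example, not Koha code. Requires the Template Toolkit module (CPAN: Template).
use strict;
use warnings;
use Template;

# Hypothetical fragments: the real opac-shelves.tt markup is not shown on the page.
my %templates = (
    unfiltered => q{<input type="hidden" name="referer" value="[% referer %]" />},
    filtered   => q{<input type="hidden" name="referer" value="[% referer | html %]" />},
);

# Value of the referer parameter from step 1 of the test plan.
my $referer = q{"><script>alert('XSS')</SCRIPT>};

# Render a fragment with the request parameter as the only template variable.
sub render {
    my ($source) = @_;
    my $tt  = Template->new() or die Template->error();
    my $out = '';
    $tt->process( \$source, { referer => $referer }, \$out ) or die $tt->error();
    return $out;
}

# List directives that print a bare variable with no filter applied.
# Simplified check: it only recognises the plain "[% name %]" form.
sub unfiltered_directives {
    my ($source) = @_;
    my @hits;
    while ( $source =~ /\[%-?\s*([\w.]+)\s*-?%\]/g ) {
        next if $1 =~ /^[A-Z]+$/;    # skip keywords such as END or ELSE
        push @hits, $1;
    }
    return @hits;
}

for my $name ( sort keys %templates ) {
    my $html   = render( $templates{$name} );
    my $script = $html =~ /<script/i ? 'yes' : 'no';
    my @bare   = unfiltered_directives( $templates{$name} );
    print "$name\n  rendered: $html\n  script tag in output: $script\n";
    print "  unfiltered directives: ", ( @bare ? join( ', ', @bare ) : 'none' ), "\n";
}
```

In the unfiltered fragment the leading `">` closes the `value` attribute and the `input` tag, so the script element reaches the page as markup; with the `html` filter the quote and angle brackets are emitted as entities and the whole string stays inside the attribute.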