To test
1/ Hit /cgi-bin/koha/opac-shelves.pl?shelfnumber=5&category=1&op=edit_form&referer="><script>alert('XSS')</SCRIPT>
2/ Notice JS is executed
3/ Apply patch
4/ Notice it's fixed
This bug was reported by Alex Middleton at Dionach
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
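The reproduction above shows the classic attribute-context reflection: the `referer` parameter lands inside `value="..."`, so a leading `"` closes the attribute and `>` closes the tag, leaving the rest of the payload as live markup. The following is an added example, not Koha's code or the patch itself; it renders the hidden input with and without escaping, using Python's `html.escape` as a stand-in for Template Toolkit's `html` filter (an assumption: Python additionally escapes the single quote, which does not matter for this attribute context), and parses the result to check whether any element beyond the intended `<input>` appears.

```python
import html
from html.parser import HTMLParser

# Constructed payload, the same one the commit message's test step sends in ?referer=
PAYLOAD = "\"><script>alert('XSS')</SCRIPT>"


def render_unfiltered(referer):
    """Equivalent of the pre-patch template line [% referer %]: raw interpolation."""
    return '<input type="hidden" name="referer" value="%s" />' % referer


def render_filtered(referer):
    """Approximates the patched [% referer | html %] using html.escape (assumption:
    stand-in for TT's html filter; it escapes & < > " and also the single quote)."""
    return '<input type="hidden" name="referer" value="%s" />' % html.escape(referer, quote=True)


class _Collector(HTMLParser):
    """Records every start tag and the value attribute of the first <input> seen."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.referer_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input" and self.referer_value is None:
            for name, value in attrs:
                if name == "value":
                    # HTMLParser unescapes entities, so this is what the browser submits
                    self.referer_value = value


def _parse(markup):
    collector = _Collector()
    collector.feed(markup)
    collector.close()
    return collector


def element_tags(markup):
    """Start tags the browser would create from this fragment."""
    return _parse(markup).tags


def referer_value(markup):
    """The value the browser would submit for the hidden referer field."""
    return _parse(markup).referer_value


def is_injected(markup):
    """True when anything other than the single intended <input> element is created."""
    return element_tags(markup) != ["input"]


if __name__ == "__main__":
    for label, rendered in (("unfiltered", render_unfiltered(PAYLOAD)),
                            ("filtered", render_filtered(PAYLOAD))):
        print(label, "tags:", element_tags(rendered), "injected:", is_injected(rendered))
```

The escaped rendering does more than block the script: the parser recovers the original `referer` string from the attribute, so the hidden field still round-trips its data, whereas the raw rendering truncates the value to an empty string and spawns a `<script>` element.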
[% ELSE %]
<legend>Editing <em>[% shelf.shelfname |html %]</em></legend>
<input type="hidden" name="op" value="edit" />
- <input type="hidden" name="referer" value="[% referer %]" />
+ <input type="hidden" name="referer" value="[% referer | html %]" />
<input type="hidden" name="shelfnumber" value="[% shelf.shelfnumber | html %]" />
[% END %]
<input type="hidden" name="owner" id="owner" value="[% loggedinusernumber %]" />
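Review bot: The `| html` filter on `referer` closes the attribute-context injection from the test case, but the sibling hidden field on the last context line of this hunk, `value="[% loggedinusernumber %]"`, is still emitted unfiltered while `shelfnumber` and now `referer` are both escaped. Even if that variable is expected to hold a numeric borrowernumber from the session, applying `| html` there too keeps the template consistent and prevents the same class of bug from reappearing if the variable's source changes. It is also worth confirming that `referer` is not reflected elsewhere in this template or used as a redirect target in the `edit` handler without validation, since output escaping here only covers this one rendering.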