Bug 16587 opac-sendshelf.pl is vulnerable to XSS
author Chris Cormack <chris@bigballofwax.co.nz>
Wed, 25 May 2016 14:06:28 +0000 (14:06 +0000)
committer Brendan Gallagher <brendan@bywatersolutions.com>
Wed, 25 May 2016 22:14:33 +0000 (22:14 +0000)
To test
1/ Hit a url like
http://localhost:8080/cgi-bin/koha/opac-sendshelf.pl?email=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3Ezz%40zz&comment=tes&shelfid=4
2/ Notice you get a js alert
3/ Apply patch
4/ Notice the js is now escaped

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>

koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-sendshelfform.tt

index 06a9c06..c5e9fe8 100644 (file)
@@ -13,7 +13,7 @@
                             [% IF ( SENT ) %]
                                 <h1>Message sent</h1>
                                 <div class="alert alert-success">
-                                    <p>The list was sent to: [% email %]</p>
+                                    <p>The list was sent to: [% email | html %]</p>
                                 </div>
                                 <p><a class="focus close" href="/cgi-bin/koha/opac-shelves.pl?op=view&amp;shelfnumber=[% shelfid %]">Back to lists</a></p>
                             [% END %]
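Review bot: The "Back to lists" link two lines below the fix still interpolates `[% shelfid %]` into the href attribute without a filter, and the test URL in the commit message shows shelfid arriving as a request parameter alongside email. Unless opac-sendshelf.pl already constrains it to a numeric value before it reaches the template, filter it here as well, for example `shelfnumber=[% shelfid | html %]` (or `| uri`, since it is a query-string value). The other branches of this template are not visible in this hunk; it is worth confirming that any other output of email or comment there is filtered the same way.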