Bug 19086: Fix Stored XSS in members/member.pl
authorChris Cormack <chris@bigballofwax.co.nz>
Fri, 11 Aug 2017 19:36:43 +0000 (19:36 +0000)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Fri, 29 Sep 2017 15:20:44 +0000 (12:20 -0300)
To test
1/ hit /cgi-bin/koha/members/member.pl?&searchmember=<script>alert('XSS Payload')</script>
2/ Notice js is executed
3/ Apply patch, reload
4/ The payload is rendered as escaped text and no script executes

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt

index f8f2471..73598d8 100644 (file)
@@ -115,7 +115,7 @@ var dtMemberResults;
 var search = 1;
 $(document).ready(function() {
     [% IF searchmember %]
-        $("#searchmember_filter").val("[% searchmember %]");
+        $("#searchmember_filter").val("[% searchmember | html %]");
     [% END %]
     [% IF searchfieldstype %]
         $("searchfieldstype_filter").val("[% searchfieldstype %]");
@@ -357,7 +357,7 @@ function filterByFirstLetterSurname(letter) {
 
           <div id="searchresults">
             <div id="searchheader">
-              <h3>Patrons found for: <span id="searchpattern">[% IF searchmember %] for '[% searchmember %]'[% END %]</span></h3>
+              <h3>Patrons found for: <span id="searchpattern">[% IF searchmember %] for '[% searchmember | html %]'[% END %]</span></h3>
             </div>
             [% IF CAN_user_tools_manage_patron_lists %]
               <div id="searchheader">