Bug 14423 : Multiple XSS bugs in suggestion.pl
author Chris <chris@bigballofwax.co.nz>
Sun, 21 Jun 2015 09:35:07 +0000 (09:35 +0000)
committer Fridolin Somers <fridolin.somers@biblibre.com>
Tue, 23 Jun 2015 12:40:50 +0000 (14:40 +0200)
commit 910951512bd240df36ab18f3eb083afe0d75dfaf
tree 67ea13b063402fe96b6e4ea5486f063fbcaa48c5
parent 9e704e2b289dc8a9e90108b2d2a5c9266c347171
Bug 14423 : Multiple XSS bugs in suggestion.pl

To test
1/ Hit a url like http://localhost:8081/cgi-bin/koha/suggestion/suggestion.pl?author=%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&accepteddate_to=
2/ Notice alert box(es)
3/ Apply patch
4/ Reload and notice alert is gone

Repeat for
collection_title
copyrightdate
isbn
manageddate_from
manageddate_to
publishercode
suggesteddate_from
suggesteddate_to

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
(cherry picked from commit a4310e870247cb57cb1cbca55fed749d63469dcf)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
koha-tmpl/intranet-tmpl/prog/en/modules/suggestion/suggestion.tt
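The test plan above reflects query parameters straight into suggestion.tt. The snippet below is an added example, not the patch itself: it renders each parameter name from the test plan through a Template Toolkit fragment with and without TT's `html` filter (the usual Koha mitigation for this class of bug, assumed here) so the difference can be checked without a browser. It assumes Template.pm is installed; the payload and the `render` helper are constructed for this example.

```perl
#!/usr/bin/perl
# Added example (not the Koha patch): show how Template Toolkit's
# "html" filter neutralises the reflected parameters named in the
# test plan. Assumes Template.pm is installed (a Koha dependency).
use strict;
use warnings;
use Template;

# The parameters the test plan lists as reflected into suggestion.tt.
my @params = qw(author collection_title copyrightdate isbn
                manageddate_from manageddate_to publishercode
                suggesteddate_from suggesteddate_to);

# Constructed input: the URL-decoded value from step 1 of the test plan.
my $payload = q{"><script>alert('oh noes')</script>};

my $tt = Template->new() or die Template->error();

# Render one value inside an attribute, with or without the html filter.
# Returns the rendered HTML so the caller can inspect it.
sub render {
    my ( $name, $value, $escape ) = @_;
    my $filter = $escape ? ' | html' : '';
    my $tmpl   = qq{<input type="text" name="$name" value="[% $name$filter %]" />};
    my $out    = '';
    $tt->process( \$tmpl, { $name => $value }, \$out ) or die $tt->error();
    return $out;
}

for my $name (@params) {
    # Before: the quote closes the attribute and the script tag lands in the page.
    my $raw  = render( $name, $payload, 0 );
    # After: " < > & become &quot; &lt; &gt; &amp; and stay inside the attribute.
    my $safe = render( $name, $payload, 1 );
    printf "%-20s unfiltered has raw <script>: %s\n", $name,
        ( $raw  =~ /<script>/ ? 'yes' : 'no' );
    printf "%-20s filtered   has raw <script>: %s\n", $name,
        ( $safe =~ /<script>/ ? 'yes' : 'no' );
}
```

Each unfiltered line should print "yes" and each filtered line "no"; any field still printing "yes" after the patch is one the template left unescaped.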