Bug 14423 : XSS bugs in catalogue search
author Chris <chris@bigballofwax.co.nz>
Sun, 21 Jun 2015 09:01:32 +0000 (09:01 +0000)
committer Fridolin Somers <fridolin.somers@biblibre.com>
Tue, 23 Jun 2015 12:35:32 +0000 (14:35 +0200)
commit 94c70537c62e25ac0ed8a5cb71c10c3315653e2d
tree c6fc8f65e7de3bfb8ff13cf602ded175e6745c2f
parent 735ec07ca761dced366adc2711fb266bbc150099
Bug 14423 : XSS bugs in catalogue search

To test

1/ hit a url like http://localhost:8081/cgi-bin/koha/catalogue/search.pl?limit=%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice alert boxes
3/ Apply patch
4/ Reload url, no alerts
5/ Check search still works

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
(cherry picked from commit 48af13bd1a0eff3162d5e8edb867a701e233e5da)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt