projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2d30845) | patch
Bug 19128: Fix Stored XSS in patron-attr-types.pl, authorised_values.pl and categories.pl
authorKatrin Fischer <katrin.fischer.83@web.de>
Wed, 16 Aug 2017 12:34:17 +0000 (14:34 +0200)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Fri, 29 Sep 2017 15:20:45 +0000 (12:20 -0300)
commitb4608887f664ed73d6813375f503b2bebd542adb
tree4f09d3d6a8cd5566d08b99c40f5d1f3db8d69846tree | snapshot
parent2d308456010745b90bcd99f40d56db0fcd9cad65commit | diff
Bug 19128: Fix Stored XSS in patron-attr-types.pl, authorised_values.pl and categories.pl

Preparation:
- Add a branch with script in the branch name
- Add a patron category with script in the category name
- Add a new authorised value cateogory with script
- Add a new authroised value for this category with script
  in all possible fields

- Test editing patron categories
- Test editing patron attribute types
- Test viewing and editing authorised values

Verify that with this script there is no more script executed
and everything works fine.

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/modules/admin/authorised_values.tt diff | blob | history
koha-tmpl/intranet-tmpl/prog/en/modules/admin/categories.tt diff | blob | history
koha-tmpl/intranet-tmpl/prog/en/modules/admin/patron-attr-types.tt diff | blob | history
Mirror of git://git.koha-community.org/koha.git