projects / koha.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch (parent: 1e908ec)
Bug 16958: Fix XSS in opac-imageviewer.pl
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Fri, 22 Jul 2016 07:14:27 +0000 (08:14 +0100)
committerChris Cormack <chrisc@catalyst.net.nz>
Wed, 3 Aug 2016 20:25:52 +0000 (08:25 +1200)
Test plan:
Trigger
/opac-imageviewer.pl?biblionumber=14&imagenumber=7"><sCrIpT>alert(42)<%2fsCrIpT>

=> Without this patch you will see the JS alert
=> With this patch applied you won't see it

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-imageviewer.tt patch | blob | history

diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-imageviewer.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-imageviewer.tt
index 9598f4d..5985b93 100644 (file)
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-imageviewer.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-imageviewer.tt
@@ -84,7 +84,7 @@
                         <div class="span9">
                             <div id="imageviewer">
                                 <div id="largeCover">
-                                    <img id="largeCoverImg" alt="" src="/cgi-bin/koha/opac-image.pl?imagenumber=[% imagenumber %]" />
+                                    <img id="largeCoverImg" alt="" src="/cgi-bin/koha/opac-image.pl?imagenumber=[% imagenumber | url %]" />
                                 </div>
                             </div> <!-- / #imageviewer -->
                         </div> <!-- / .span12 -->
@@ -94,7 +94,7 @@
                                 <div id="thumbnails">
                                     [% FOREACH img IN images %]
                                         [% IF img %]
-                                            <a href="/cgi-bin/koha/opac-imageviewer.pl?biblionumber=[% biblionumber %]&amp;imagenumber=[% img %]" onclick="showCover([% img %]); return false;">
+                                            <a href="/cgi-bin/koha/opac-imageviewer.pl?biblionumber=[% biblionumber | url %]&amp;imagenumber=[% img %]" onclick="showCover([% img %]); return false;">
                                             [% IF ( imagenumber == img ) %]
                                                 <img class="thumbnail selected" id="[% img %]" src="/cgi-bin/koha/opac-image.pl?imagenumber=[% img %]&amp;thumbnail=1" alt="Thumbnail"/>
                                             [% ELSE %]
@@ -120,7 +120,7 @@
     //<![CDATA[
         $(document).ready(function(){
             $("#largeCoverImg").attr("src","[% interface %]/[% theme %]/images/loading.gif");
-            showCover([% imagenumber %]);
+            showCover([% imagenumber | html %]);
         });
 
         function showCover(img) {
Mirror of git://git.koha-community.org/koha.git