Bug 13510 : Fixing the third XSS issue
author Chris <chris@bigballofwax.co.nz>
Mon, 5 Jan 2015 06:37:51 +0000 (06:37 +0000)
committer Fridolin Somers <fridolin.somers@biblibre.com>
Fri, 23 Jan 2015 09:26:15 +0000 (10:26 +0100)
To test

1/ Make sure you have some items in your database that have values in items.issues
If necessary, do something like

UPDATE items SET issues = 10 WHERE itemnumber=somenumber

2/ Hit a url like http://localhost:8080/cgi-bin/koha/opac-topissues.pl?do_it=1&timeLimit=3%3Cscript%3Eprompt%28924513%29%3C/script%3E

3/ Notice you will get a prompt
4/ Apply patch
5/ Test again

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 82e3bc7e21995172465c0482ba9af9a99cef5a78)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
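
To make the reflected-parameter problem concrete, here is an added example (not Koha's code and not part of this commit) that renders the caption from the hunk below with Template Toolkit, once without and once with the `|html` filter, feeding it the payload from the test plan as the web server would deliver it after URL decoding. The `clean_time_limit` helper at the end is a hypothetical extra check that the patch does not add; the variable name `timeLimitFinite` and the caption text are the ones the template uses.

```perl
#!/usr/bin/perl
# Added example, not Koha code: shows why [% timeLimitFinite %] in
# opac-topissues.tt reflected the payload from the test plan, and what the
# |html filter introduced by the patch does to it. Needs the Template
# Toolkit distribution (module Template), which Koha itself depends on.
use strict;
use warnings;
use Template;

# The payload from the commit's test URL once the server has URL-decoded
# it (%3C -> '<', %28 -> '(', and so on).
my $payload = '3<script>prompt(924513)</script>';

# The caption as it was before the patch, and as the patch leaves it.
my $before = 'in the past [% timeLimitFinite %] months';
my $after  = 'in the past [% timeLimitFinite |html %] months';

my $tt = Template->new() or die Template->error();

# Render a template string with timeLimitFinite bound to $value and
# return the output instead of printing it.
sub render {
    my ( $template, $value ) = @_;
    my $out = '';
    $tt->process( \$template, { timeLimitFinite => $value }, \$out )
        or die $tt->error();
    return $out;
}

print "unescaped: ", render( $before, $payload ), "\n";
print "escaped:   ", render( $after,  $payload ), "\n";

# Hypothetical defence in depth (not part of this patch): the controller
# could reject a non-numeric timeLimit before it reaches the template, so
# the caption never relies on output escaping alone. Returns the value if
# it is a plausible number of months, undef otherwise.
sub clean_time_limit {
    my ($raw) = @_;
    return ( defined $raw && $raw =~ /^\d{1,3}$/ ) ? $raw : undef;
}

for my $candidate ( '3', '12', $payload, '' ) {
    my $ok = clean_time_limit($candidate);
    printf "%-40s => %s\n", "'$candidate'", defined $ok ? "accepted" : "rejected";
}
```

The first print shows the script tag passed through verbatim, which is exactly the prompt the test plan describes; the second shows `<` and `>` turned into `&lt;` and `&gt;`. Template Toolkit's `html` filter converts `&`, `<`, `>` and `"` to entities, which is sufficient for element content such as this caption; a value placed inside a single-quoted attribute, a URL, or an inline script block needs a context-appropriate filter instead.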

koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-topissues.tt

index 9ed2e96..950a4d9 100644 (file)
@@ -49,7 +49,7 @@
                                     [% branch %]
                                     [% END %]
                                     [% IF ( timeLimitFinite ) %]
-                                    in the past [% timeLimitFinite %] months
+                                    in the past [% timeLimitFinite |html %] months
                                     [% ELSE %] of all time[% END %]
                                 </caption>
                                 <thead>
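Review bot: the `|html` filter on `[% timeLimitFinite |html %]` closes the reflection in this caption, but the test plan injects through the `timeLimit` query parameter, so any other place this template echoes that value (for example a form control preselecting the chosen limit) needs the same filter; please check the rest of opac-topissues.tt for unfiltered uses of timeLimit/timeLimitFinite before calling the bug closed. Since the value is a number of months, validating it as an integer in opac-topissues.pl before it is handed to the template would make this escaping a second line of defence rather than the only one.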