Bug 16597: Fix XSS in opac-shareshelf
author Chris Cormack <chrisc@catalyst.net.nz>
Thu, 26 May 2016 09:33:33 +0000 (21:33 +1200)
committer Brendan Gallagher <brendan@bywatersolutions.com>
Mon, 30 May 2016 11:14:03 +0000 (11:14 +0000)
commit c47c835672a8fcd8c7df79663443f01639fc7657
tree b1504e753ae57694325f1917ce12938e42dc1905
parent 344033c32490df3e396ed530dcbf250086483371
Bug 16597: Fix XSS in opac-shareshelf

To test
1/ Go to /cgi-bin/koha/opac-shareshelf.pl?op="><script>alert('XSS')</script>&shelfnumber=5
2/ Notice you see a js alert
3/ Apply patch
4/ It is gone

Reported by
Alex Middleton at Dionach

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shareshelf.tt