| commit | 4333617b1d33b2c7c0488de593c76ac79f4ebf70 | |
| author | Amit Gupta <amit.gupta@informaticsglobal.com> | |
| Mon, 13 Nov 2017 03:35:14 +0000 (13 09:05 +0530) | ||
| committer | Nick Clemens <nick@bywatersolutions.com> | |
| Thu, 21 Dec 2017 12:07:24 +0000 (21 12:07 +0000) | ||
| tree | e6c3f542bf66f2f60ae7ebe36b6ecb70c025e844 | treesnapshot (tar.gz zip) |
| parent | 99d327a5ea039b98f2bb19a3ef29431b33437cb7 | commitdiff |
Bug 19612: Fix XSS in members/memberentry.pl
To Test
1. Hit the page /cgi-bin/koha/members/memberentry.pl
2. Add a text in the field address, address2, city, state, country,
zipcode, B_streetnumber, B_city, B_country, B_zipcode that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To Test
1. Hit the page /cgi-bin/koha/members/memberentry.pl
2. Add a text in the field address, address2, city, state, country,
zipcode, B_streetnumber, B_city, B_country, B_zipcode that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>