| commit | 611df7517a2f1fa58c6780463ff56253d908a23d | |
| author | Chris Cormack <chrisc@catalyst.net.nz> | |
| Thu, 18 Jun 2015 21:25:22 +0000 (19 09:25 +1200) | ||
| committer | Liz Rea <wizzyrea@gmail.com> | |
| Sat, 20 Jun 2015 00:50:51 +0000 (20 12:50 +1200) | ||
| tree | d146c03844659bd0e11758da7353a0e0c5aa97cb | treesnapshot (tar.gz zip) |
| parent | 0cba81194f86b1b7fbea9d2ab48fe8c995a3c247 | commitdiff |
Bug 14418 XSS Vulnerabilities
Fix for /cgi-bin/koha/opac-search.pl
To test
1/ Hit /cgi-bin/koha/opac-search.pl?tag="><script
src='http://cst.sba-research.org/x.js'/>&q=a
2/ Notice the js is executed
3/ Apply patch
4/ Reload page, notice it is no longer executed
5/ Test the rss links work still
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Confirmed bug and that the patch fixes it.
Fix for /cgi-bin/koha/opac-search.pl
To test
1/ Hit /cgi-bin/koha/opac-search.pl?tag="><script
src='http://cst.sba-research.org/x.js'/>&q=a
2/ Notice the js is executed
3/ Apply patch
4/ Reload page, notice it is no longer executed
5/ Test the rss links work still
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Confirmed bug and that the patch fixes it.
| koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-results.tt | diffblobblamehistory |