| commit | 9b4777878f59c7a0c3653f54b6a2cff85bb278a8 | |
| author | Amit Gupta <amit.gupta@informaticsglobal.com> | |
| Wed, 16 Aug 2017 12:26:17 +0000 (16 17:56 +0530) | ||
| committer | Fridolin Somers <fridolin.somers@biblibre.com> | |
| Tue, 19 Sep 2017 13:59:07 +0000 (19 15:59 +0200) | ||
| tree | 960a3eaa73263236396b8631ac2d59e67d1e25cd | treesnapshot (tar.gz zip) |
| parent | d5c7edc55da6aaf78d25d131ebb35ab659a0084d | commitdiff |
Bug 19127 - Stored XSS in csv-profiles.pl
To Test
1. Hit the page /cgi-bin/koha/tools/csv-profiles.pl?op=add_form
2. Add a text in the field Profile name, Profile description
and Profile MARC fields that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 7a3ee2dd8cb233d083d8a7b8636eca7c6d518b8b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
To Test
1. Hit the page /cgi-bin/koha/tools/csv-profiles.pl?op=add_form
2. Add a text in the field Profile name, Profile description
and Profile MARC fields that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 7a3ee2dd8cb233d083d8a7b8636eca7c6d518b8b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
| koha-tmpl/intranet-tmpl/prog/en/modules/tools/csv-profiles.tt | diffblobblamehistory |