| commit | da6ee1c469c63f6d28dd1302032a19596eb7cd57 | |
| author | Chris <chris@bigballofwax.co.nz> | |
| Mon, 5 Jan 2015 06:37:51 +0000 (5 06:37 +0000) | ||
| committer | Tomas Cohen Arazi <tomascohen@gmail.com> | |
| Thu, 22 Jan 2015 19:35:58 +0000 (22 16:35 -0300) | ||
| tree | b24755d886b52b3f9328242b3e407941f528aa54 | treesnapshot (tar.gz zip) |
| parent | 52fe1238915bf88fbb5f048029b67250e59409a0 | commitdiff |
Bug 13510 : Fixing the third XSS issue
To test
1/ Make sure you have some items in your database, that have values in items.issue
If nessecary do something like
UPDATE items SET issues = 10 WHERE itemnumber=somenumber
2/ Hit a url like http://localhost:8080/cgi-bin/koha/opac-topissues.pl?do_it=1&timeLimit=3%3Cscript%3Eprompt%28924513%29%3C/script%3E
3/ Notice you will get a prompt
4/ Apply patch
5/ Test again
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
To test
1/ Make sure you have some items in your database, that have values in items.issue
If nessecary do something like
UPDATE items SET issues = 10 WHERE itemnumber=somenumber
2/ Hit a url like http://localhost:8080/cgi-bin/koha/opac-topissues.pl?do_it=1&timeLimit=3%3Cscript%3Eprompt%28924513%29%3C/script%3E
3/ Notice you will get a prompt
4/ Apply patch
5/ Test again
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
| koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-topissues.tt | diffblobblamehistory |