From bugzilla-daemon@bugs.koha-community.org Wed Oct 24 15:32:54 2012 From: bugzilla-daemon@bugs.koha-community.org To: koha-bugs@lists.koha-community.org Subject: [Koha-bugs] [Bug 3652] XSS vulnerabilities Date: Wed, 24 Oct 2012 13:48:16 +0000 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0923090088167110530==" --===============0923090088167110530== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3652 Paul Poulain changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |ASSIGNED Version|master |rel_3_10 --- Comment #46 from Paul Poulain --- The 3 patches Bug 3652: close XSS vulnerabilities on biblionumber and authid (3.40 KB, patch) Bug 3652: close XSS vulnerabilities in opac-export (2.62 KB, patch) bug 3652 fixing XSS vulnerabilities in opac-search (3.04 KB, patch) have been pushed QA comment for Bug 3652: close XSS vulnerabilities on biblionumber and authid (3.40 KB, patch) = I made a follow-up to remove the || $query->param('bib'); (see comment 38) I think opac-detail.pl could also be fixed, but in case there's an old reference to this, I won't do that without a specific patch. Comment for opac-search = the XSS did not work for me if I entered > Search in the opac for ';