From bugzilla-daemon@bugs.koha-community.org Wed Oct 24 15:32:54 2012
From: bugzilla-daemon@bugs.koha-community.org
To: koha-bugs@lists.koha-community.org
Subject: [Koha-bugs] [Bug 3652] XSS vulnerabilities
Date: Wed, 24 Oct 2012 13:48:16 +0000
Message-ID:
In-Reply-To:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0923090088167110530=="
--===============0923090088167110530==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3652
Paul Poulain changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|Signed Off |ASSIGNED
Version|master |rel_3_10
--- Comment #46 from Paul Poulain ---
The 3 patches
Bug 3652: close XSS vulnerabilities on biblionumber and authid (3.40 KB,
patch)
Bug 3652: close XSS vulnerabilities in opac-export (2.62 KB, patch)
bug 3652 fixing XSS vulnerabilities in opac-search (3.04 KB, patch)
have been pushed
QA comment for Bug 3652: close XSS vulnerabilities on biblionumber and authid
(3.40 KB, patch) = I made a follow-up to remove the || $query->param('bib');
(see comment 38)
I think opac-detail.pl could also be fixed, but in case there's an old
reference to this, I won't do that without a specific patch.
Comment for opac-search = the XSS did not work for me if I entered
> Search in the opac for ';