From bugzilla-daemon@bugs.koha-community.org Thu Jul 19 23:00:27 2018
From: bugzilla-daemon@bugs.koha-community.org
To: koha-bugs@lists.koha-community.org
Subject: [Koha-bugs] [Bug 13618] Prevent XSS in the Staff Client and the OPAC
Date: Thu, 19 Jul 2018 21:00:19 +0000
Message-ID:
In-Reply-To:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6602168474532443602=="
--===============6602168474532443602==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3D13618
--- Comment #219 from Jonathan Druart ---
I am back!
Next version has been pushed to the remote branch -
https://gitlab.com/joubu/Koha/commits/bug_13618
Here is commit message of the main patch:
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain