[Bug 26592] XSS vulnerability when ysearch is used
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26592 Didier Gautheron <didier.gautheron@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |didier.gautheron@biblibre.c | |om --- Comment #25 from Didier Gautheron <didier.gautheron@biblibre.com> --- There's a fix in 20.05 git not in these patches which could be backport to 19.11: commit f67bd64dee422f380824a5520e7a383e3888da97 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/js_includes.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/js_includes.inc @@ -103,11 +103,11 @@ var cardnumber = ""; if( item.cardnumber != "" ){ // Display card number in parentheses if it exists - cardnumber = " (" + ( item.cardnumber ? item.surname.escapeHtml() : "" ) + ") "; + cardnumber = " (" + ( item.cardnumber ? item.cardnumber.escapeHtml() : "" ) + ") "; } ie use cardnumber not surname if there's a cardnumber. -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org