[Koha-bugs] [Bug 11322] Suggestion "notes" field should be sanitized or escaped
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Dec 3 00:51:03 CET 2013
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11322
--- Comment #9 from Katrin Fischer <katrin.fischer at bsz-bw.de> ---
Created attachment 23247
-->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=23247&action=edit
[PASSED QA] Bug 11322 : XSS in suggestions
To test
1/ Switch on purchase suggestions
2/ On the public interface (OPAC) add a suggestion, put html in every
field
3/ In the staff interface go to the suggestions page
/cgi-bin/koha/suggestion/suggestion.pl
4/ Notice the html is rendered
5/ Click on a suggestion, notice the html is rendered on the show page
also
6/ Apply the patch, check these two pages again, html should now be
escaped
Signed-off-by: David Cook <dcook at prosentient.com.au>
Works as described.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
Passes all tests, thx Chris!
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list