[Koha-bugs] [Bug 13618] Prevent XSS in the Staff Client and the OPAC
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Aug 28 14:03:18 CEST 2015
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13618
--- Comment #55 from Jonathan Druart <jonathan.druart at bugs.koha-community.org> ---
(In reply to Joonas Kylmälä from comment #52)
> (In reply to Joonas Kylmälä from comment #51)
> > Created attachment 42054 [details] [review] [review]
> > Bug 13618: Use Template::Stash::AutoEscaping to use the html filter
> >
> > Test plan done and worked. I deleted the commits from 13609, and then
> > applied this and it also solved the xss vulnerability.
> >
> > Signed-off-by: Joonas Kylmälä <j.kylmala at gmail.com>
>
> Thought it worked, but now noticed it broked the html in
> /cgi-bin/koha/opac-tags.pl?mine=1 (my tags in opac). Under the title column
> it only shows html as plain text.
"Bug 13618: Specific for other prefs" reuploaded, OPACMySummaryNote was not
correctly managed.
New patch "Specific for XSLTBloc" should fix your issue
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list