[Koha-bugs] [Bug 13618] Prevent XSS in the Staff Client and the OPAC

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Wed Nov 25 15:02:25 CET 2015


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13618

--- Comment #79 from Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> ---
Hi Jonathan,
all patches apply, last patch signed.
I have a followup to remove some tabs/spaces

Do I have to upload all here?

Also found some "| html | html_line_break " and "| html | url "
Don't know if they need to be removed

git grep "|html "
koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt:20:                   "[% data.borrowernotes.replace('\\\\' , '\\\\') |html |html_line_break |collapse %]",
koha-tmpl/intranet-tmpl/prog/en/modules/patroncards/tables/members_results.tt:29:                   "[% data.borrowernotes.replace('\\\\' , '\\\\') |html |html_line_break |collapse %]",
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-results.tt:44:            No results found for that in [% LibraryName %] catalog. <a href="[% OPACBaseURL %]/cgi-bin/koha/opac-search.pl?[% query_cgi | url %][% limit_cgi | html | url %]&format=rss2" class="rsssearchlink noprint"><img src="[% interface %]/[% theme %]/images/feed-icon-16x16.png" alt="Subscribe to this search" title="Subscribe to this search" border="0" class="rsssearchicon"/></a>
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-search-history.tt:88:            <a href="[% OPACBaseURL %]/cgi-bin/koha/opac-search.pl?[% query_cgi | url %][% limit_cgi |html | url %]&count=[% countrss %]&sort_by=acqdate_dsc&format=rss2" class="rsssearchlink noprint"><img src="[% interface %]/[% theme %]/images/feed-icon-16x16.png" alt="Subscribe to this search" title="Subscribe to this search" class="rsssearchicon"/></a>
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-search-history.tt:71:            <td><a href="[% OPACBaseURL %]/cgi-bin/koha/opac-search.pl?[% query_cgi |html |url %][% limit_cgi |html | url %]&[% s.query_cgi %]&count=[% countrss %]&sort_by=acqdate_dsc&format=rss2" class="rsssearchlink"><img src="[% interface %]/[% theme %]/images/feed-icon-16x16.png" alt="Subscribe to this search" title="Subscribe to this search" class="rsssearchicon"/></a> <a href="/cgi-bin/koha/opac-search.pl?[% s.query_cgi %]">[% s.query_desc %]</a></td>

git grep "| html "
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-results.tt:111:            <td><a href="[% OPACBaseURL %]/cgi-bin/koha/opac-search.pl?[% query_cgi |html |url %][% limit_cgi |html | url %]&[% s.query_cgi %]&count=[% countrss %]&sort_by=acqdate_dsc&format=rss2" class="rsssearchlink"><img src="[% interface %]/[% theme %]/images/feed-icon-16x16.png" alt="Subscribe to this search" title="Subscribe to this search" class="rsssearchicon"/></a> <a href="/cgi-bin/koha/opac-search.pl?[% s.query_cgi %]">[% s.query_desc %]</a></td>

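Added example, not part of the comment above and not Koha code: a stand-alone Perl script that pushes the two filter chains the grep turned up, "| html | url" in an href and "| html | html_line_break" on patron notes, through Template Toolkit, the engine behind Koha's .tt files, and prints what each order of filters emits for the same value. The variable names (limit_cgi, borrowernotes) follow the templates in the grep output, but every value is constructed for this run, and limit_evil is an invented attacker-controlled string.

```perl
#!/usr/bin/perl
# Added example, not Koha's own code: compare Template Toolkit filter chains
# on constructed input so the effect of filter order can be seen directly.
use strict;
use warnings;
use Template;

# Constructed sample values (not real Koha data).
my %vars = (
    # a legitimate limit fragment, already shaped as a query-string piece
    limit_cgi     => '&limit=branch:CPL',
    # hostile text aimed at breaking out of an href="..." attribute
    limit_evil    => '"><script>alert(document.cookie)</script>',
    # a patron note with a newline and markup, as borrowernotes might hold
    borrowernotes => "first line\n<b>bold</b> & more",
);

# Each line renders the same variable through a different filter chain.
my $template = <<'TT';
== href context, legitimate limit_cgi ==
html|url : [% limit_cgi | html | url %]
url      : [% limit_cgi | url %]
url|html : [% limit_cgi | url | html %]
== href context, hostile value ==
html|url : [% limit_evil | html | url %]
url      : [% limit_evil | url %]
url|html : [% limit_evil | url | html %]
== body context, borrowernotes ==
html|html_line_break : [% borrowernotes | html | html_line_break %]
html_line_break|html : [% borrowernotes | html_line_break | html %]
TT

my $tt = Template->new() or die Template->error();
$tt->process( \$template, \%vars ) or die $tt->error();
```

Run it with perl on any box that has the Template CPAN module (a Koha install already does). What to compare: TT's html filter rewrites & < > " as entities, and its url filter percent-encodes characters that are not allowed in a URL while leaving the reserved set (& ; = : / and friends) untouched, so html followed by url passes the entities straight through and the browser turns them back into the raw characters when it parses the attribute; url followed by html percent-encodes the value first and then escapes whatever & the fragment still carries, which is the order that matches the nesting of the contexts (URL inside attribute). For the notes, html followed by html_line_break escapes the patron text and then inserts <br /> tags at the newlines, whereas the reverse order escapes the inserted tags as well and they show up as literal text.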