[koha-commits] main Koha release repository branch master updated. v3.14.00-69-g48b3399

Git repo owner gitmaster at git.koha-community.org
Tue Dec 3 01:05:25 CET 2013


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, master has been updated
       via  48b339980e20bdefb21141d537c283d15e267d93 (commit)
       via  90f3b84def924dcc76719c01d75aa09241c92f8e (commit)
       via  368068c71597eaf61e4f9cc154002ea92dfd16c3 (commit)
      from  15b86a38edd26eb03fb6d2d7b1b28f47df19370e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 48b339980e20bdefb21141d537c283d15e267d93
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date:   Tue Dec 3 12:01:23 2013 +1300

    Bug 11322: scrub bad data before storing suggestions in the DB
    
    1/ In the public interface, add a suggestion containing html
    2/ Save, notice the html is rendered (or if you have the other patches
    is displayed)
    3/ Apply this patch
    4/ Add another suggestion
    5/ Notice the html is stripped
    
    Signed-off-by: David Cook <dcook at prosentient.com.au>
    
    Works as described.
    
    Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

commit 90f3b84def924dcc76719c01d75aa09241c92f8e
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date:   Tue Dec 3 11:46:24 2013 +1300

    Bug 11322: fix XSS bug in purchase suggestions - OPAC
    
    1/ Add a suggestion in the opac, with lots of html
    2/ View that suggestion in the OPAC, note the html is rendering
    3/ Apply the patch
    4/ Test again, in prog and bootstrap, no more rendered html
    
    Signed-off-by: David Cook <dcook at prosentient.com.au>
    
    Works as described.
    
    Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

commit 368068c71597eaf61e4f9cc154002ea92dfd16c3
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date:   Tue Dec 3 11:34:48 2013 +1300

    Bug 11322: fix XSS bug in purchase suggestions pages
    
    To test
    1/ Switch on purchase suggestions
    2/ On the public interface (OPAC) add a suggestion, put html in every
    field
    3/ In the staff interface go to the suggestions page
    /cgi-bin/koha/suggestion/suggestion.pl
    4/ Notice the html is rendered
    5/ Click on a suggestion, notice the html is rendered on the show page
    also
    6/ Apply the patch, check these two pages again, html should now be
    escaped
    
    Signed-off-by: David Cook <dcook at prosentient.com.au>
    
    Works as described.
    
    Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
    Passes all tests, thx Chris!
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

-----------------------------------------------------------------------

Summary of changes:
 .../prog/en/modules/suggestion/suggestion.tt       |   20 ++++++++++----------
 .../bootstrap/en/modules/opac-suggestions.tt       |   12 ++++++------
 .../opac-tmpl/prog/en/modules/opac-suggestions.tt  |   14 +++++++-------
 opac/opac-suggestions.pl                           |    6 ++++++
 4 files changed, 29 insertions(+), 23 deletions(-)


hooks/post-receive
-- 
main Koha release repository

