[koha-commits] main Koha release repository branch master updated. v3.14.00-76-gd2d365c

[Git repo owner]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, master has been updated
       via  d2d365ca830345b9a519158f6d735d2abd125380 (commit)
      from  1b695517a6b98720ee300ba21280ee2f8139a796 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d2d365ca830345b9a519158f6d735d2abd125380
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date:   Thu Dec 5 10:09:20 2013 +1300

    Bug 11341: fix XSS bug in opac-search.pl (facets)
    
    This patch fixes the prog theme; the bootstrap theme already
    does the necessary filtering.
    
    To test
    1/ Craft a url like
     cgi-bin/koha/opac-search.pl?idx=kw&q=fish&offset=20" onmouseover%3dprompt(994000) bad%3d"
     (the search must return enough results to have a show more link in the facets)
    
    2/ Check the source, or mouseover the Show more links in the facets
       Notice the code is executable
    
    3/ Apply patch - notice it is no longer executable
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com>
    Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

-----------------------------------------------------------------------

Summary of changes:
 koha-tmpl/opac-tmpl/prog/en/includes/opac-facets.inc |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


hooks/post-receive
-- 
main Koha release repository