[koha-commits] main Koha release repository branch 3.14.x updated. v3.14.00-42-ga907c28
Git repo owner
gitmaster at git.koha-community.org
Fri Dec 13 16:01:46 CET 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, 3.14.x has been updated
via a907c28a1e408cc73ab0437d90dca8c861ae08f5 (commit)
via 3eac4854a4309612c4bdd33eed5fbcb77d59d5ad (commit)
via f8278987e3e1bac23e968417728a821faa22aa57 (commit)
from 1be884fe173c8b9d01e9038a1e74237db76f32fd (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit a907c28a1e408cc73ab0437d90dca8c861ae08f5
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date: Tue Dec 3 12:01:23 2013 +1300
Bug 11322: scrub bad data before storing suggestions in the DB
1/ In the public interface, add a suggestion containing html
2/ Save, notice the html is rendered (or if you have the other patches
is displayed)
3/ Apply this patch
4/ Add another suggestion
5/ Notice the html is stripped
Signed-off-by: David Cook <dcook at prosentient.com.au>
Works as described.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
(cherry picked from commit 48b339980e20bdefb21141d537c283d15e267d93)
Signed-off-by: Fridolin SOMERS <fridolin.somers at biblibre.com>
commit 3eac4854a4309612c4bdd33eed5fbcb77d59d5ad
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date: Tue Dec 3 11:46:24 2013 +1300
Bug 11322: fix XSS bug in purchase suggestions - OPAC
1/ Add a suggestion in the opac, with lots of html
2/ View that suggestion in the OPAC, note the html is rendering
3/ Apply the patch
4/ Test again, in prog and bootstrap, no more rendered html
Signed-off-by: David Cook <dcook at prosentient.com.au>
Works as described.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
(cherry picked from commit 90f3b84def924dcc76719c01d75aa09241c92f8e)
Signed-off-by: Fridolin SOMERS <fridolin.somers at biblibre.com>
commit f8278987e3e1bac23e968417728a821faa22aa57
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date: Tue Dec 3 11:34:48 2013 +1300
Bug 11322: fix XSS bug in purchase suggestions pages
To test
1/ Switch on purchase suggestions
2/ On the public interface (OPAC) add a suggestion, put html in every
field
3/ In the staff interface go to the suggestions page
/cgi-bin/koha/suggestion/suggestion.pl
4/ Notice the html is rendered
5/ Click on a suggestion, notice the html is rendered on the show page
also
6/ Apply the patch, check these two pages again, html should now be
escaped
Signed-off-by: David Cook <dcook at prosentient.com.au>
Works as described.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
Passes all tests, thx Chris!
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
(cherry picked from commit 368068c71597eaf61e4f9cc154002ea92dfd16c3)
Signed-off-by: Fridolin SOMERS <fridolin.somers at biblibre.com>
-----------------------------------------------------------------------
Summary of changes:
.../prog/en/modules/suggestion/suggestion.tt | 20 ++++++++++----------
.../bootstrap/en/modules/opac-suggestions.tt | 12 ++++++------
.../opac-tmpl/prog/en/modules/opac-suggestions.tt | 14 +++++++-------
opac/opac-suggestions.pl | 6 ++++++
4 files changed, 29 insertions(+), 23 deletions(-)
hooks/post-receive
--
main Koha release repository