[koha-commits] main Koha release repository branch 3.14.x updated. v3.14.00-49-gd0ba676

Git repo owner gitmaster at git.koha-community.org
Fri Dec 13 16:16:49 CET 2013


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 3.14.x has been updated
       via  d0ba676864eb2a55776d8dbd02d2403f9fa74a4b (commit)
      from  9f907132fe1775cd6eafe3051773728b98ebee28 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d0ba676864eb2a55776d8dbd02d2403f9fa74a4b
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date:   Thu Dec 5 10:09:20 2013 +1300

    Bug 11341: fix XSS bug in opac-search.pl (facets)
    
    This patch fixes the prog theme; the bootstrap theme already
    does the necessary filtering.
    
    To test
    1/ Craft a url like
     cgi-bin/koha/opac-search.pl?idx=kw&q=fish&offset=20" onmouseover%3dprompt(994000) bad%3d"
     (the search must return enough results to have a show more link in the facets)
    
    2/ Check the source, or mouseover the Show more links in the facets
       Notice the code is executable
    
    3/ Apply patch - notice it is no longer executable
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com>
    Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    (cherry picked from commit d2d365ca830345b9a519158f6d735d2abd125380)
    Signed-off-by: Fridolin SOMERS <fridolin.somers at biblibre.com>

-----------------------------------------------------------------------

Summary of changes:
 koha-tmpl/opac-tmpl/prog/en/includes/opac-facets.inc |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


hooks/post-receive
-- 
main Koha release repository
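
Added example, not part of the commit or of Koha's code: a Python model of the test plan in the commit message. It renders the offset parameter into a link's href with and without HTML-attribute escaping, then parses the markup to see whether an event-handler attribute appears. The link markup, the function names and the use of HTML-entity escaping as the filter are assumptions, since this notification does not include the template change itself.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Test URL copied from step 1 of the commit message's test plan.
TEST_URL = ('cgi-bin/koha/opac-search.pl?idx=kw&q=fish'
            '&offset=20" onmouseover%3dprompt(994000) bad%3d"')


def offset_param(url):
    """Decode the offset query parameter the way a CGI layer would."""
    return parse_qs(urlsplit(url).query)["offset"][0]


def render_show_more(offset, filtered):
    """Hypothetical "Show more" link; filtered=True escapes (assumed fix)."""
    value = escape(offset, quote=True) if filtered else offset
    return ('<a href="/cgi-bin/koha/opac-search.pl?q=fish&amp;offset='
            + value + '">Show more</a>')


class _AnchorAttrs(HTMLParser):
    """Collect the attributes of the first <a> tag as a parser sees them."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "a" and self.attrs is None:
            self.attrs = dict(attrs)


def anchor_attrs(markup):
    parser = _AnchorAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs or {}


def event_handlers(markup):
    """Names of on* attributes on the link; any entry means the value broke out."""
    return sorted(name for name in anchor_attrs(markup) if name.startswith("on"))


if __name__ == "__main__":
    offset = offset_param(TEST_URL)
    for filtered in (False, True):
        print(filtered, event_handlers(render_show_more(offset, filtered)))
```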

