[koha-commits] main Koha release repository branch 3.18.x updated. v3.18.01-23-g0c8ede3

Git repo owner gitmaster at git.koha-community.org
Sun Dec 21 21:57:53 CET 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 3.18.x has been updated
       via  0c8ede31df2b79c3a879e47029308e0808fa6afc (commit)
      from  ad2c8ef43fadcd5d9b83d625428f7e279990109b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0c8ede31df2b79c3a879e47029308e0808fa6afc
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date:   Wed Dec 10 12:47:30 2014 +1300

    Bug 13425 - XSS in intranet facets - Patch for 3.18 and master
    
    To Test
    1/ Craft a URL like /cgi-bin/koha/catalogue/search.pl?q=smith&sort_by='"><script>prompt('Happy_Holidays')</script>
    
    It is important that it returns results and facets
    
    2/ Notice the JS is executed
    3/ Apply the patch, test again
    
    Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
    No prompts, no functional regressions found.
    Checked selecting and undoing facets, show more links and paging.
    
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>

-----------------------------------------------------------------------

Summary of changes:
 koha-tmpl/intranet-tmpl/prog/en/includes/facets.inc       |    8 ++++----
 koha-tmpl/intranet-tmpl/prog/en/includes/page-numbers.inc |    6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)


hooks/post-receive
-- 
main Koha release repository

