[koha-commits] main Koha release repository branch 3.14.x updated. v3.14.01-87-gfaf3b5f

Git repo owner gitmaster at git.koha-community.org
Tue Jan 14 17:39:48 CET 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 3.14.x has been updated
       via  faf3b5f3f84b0c8b8497fdac368edf00dfb546da (commit)
      from  810168643d02ebb69c2d56a5fa17b811b06d68a8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit faf3b5f3f84b0c8b8497fdac368edf00dfb546da
Author: Galen Charlton <gmc at esilibrary.com>
Date:   Mon Jan 13 21:51:56 2014 +0000

    Bug 11535: sanitize input from patron self-registration form
    
    This patch adds the use of C4::Scrubber to the processing of input
    from the patron self-registration form, thereby closing off one
    avenue for JavaScript injection.
    
    To test:
    
    [1] Use the OPAC self-registration form to enter a new patron,
        and set its address to something like:
    
        <span style="color: red;">BAD</span>
    
    [2] In the staff interface, bring up the new patron record.  The
        address will show up in red, indicating a successful HTML
        injection.
    [3] Apply the patch and use self-registration to enter a new
        patron with a similar case of unwanted HTML coding.
    [4] Bring up the second patron in the staff interface.  This time,
        the undesirable HTML tag should not be present.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    Signed-off-by: Liz Rea <liz at catalyst.net.nz>
    Tags are not present on testing.
    
    Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
    Confirmed bug and that the patch fixes it.
    Passes all tests and QA script.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    (cherry picked from commit 5c3f36279b93e13be4773c7b88df39c99f8b2aca)
    Signed-off-by: Fridolin SOMERS <fridolin.somers at biblibre.com>

-----------------------------------------------------------------------

Summary of changes:
 opac/opac-memberentry.pl |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
main Koha release repository
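
The kind of scrubbing the commit message describes, as an added example that is not the patch itself or Koha code. It uses the CPAN module HTML::Scrubber directly so it runs outside a Koha install; `scrub_fields` and the sample form hash are hypothetical, and the address value is the test string from step [1] of the commit message.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Scrubber;

# Strip-all policy: no 'allow' list and default(0), so every tag is
# removed and only the text content between tags is kept.
my $scrubber = HTML::Scrubber->new();
$scrubber->default(0);

# Hypothetical helper: return a copy of a submitted-form hash with every
# defined value passed through the scrubber. Undefined values stay undef.
sub scrub_fields {
    my ($fields) = @_;
    my %clean;
    for my $key ( keys %$fields ) {
        my $value = $fields->{$key};
        $clean{$key} = defined $value ? $scrubber->scrub($value) : undef;
    }
    return \%clean;
}

# Constructed sample input standing in for the self-registration form.
my %submitted = (
    surname => 'Example',
    address => '<span style="color: red;">BAD</span>',
    city    => 'Plain text',
    email   => undef,
);

my $clean = scrub_fields( \%submitted );

# Show each field before and after scrubbing.
for my $key ( sort keys %submitted ) {
    printf "%-8s in:  %s\n", $key, $submitted{$key} // '(undef)';
    printf "%-8s out: %s\n", $key, $clean->{$key}   // '(undef)';
}
```

Scrubbing on input covers values arriving through this one form; fields written by other paths still depend on the templates escaping them when they are displayed.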

