[koha-commits] main Koha release repository branch 3.12.x updated. v3.12.08-13-gf3bfa40
Git repo owner
gitmaster at git.koha-community.org
Wed Jan 15 15:34:40 CET 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 3.12.x has been updated
       via  f3bfa402fb4ff5b49ba2a11ccc2f9a27d19dfc53 (commit)
      from  01a39d6ce0b9fe2153434a9cb2802126ce39b2df (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f3bfa402fb4ff5b49ba2a11ccc2f9a27d19dfc53
Author: Galen Charlton <gmc at esilibrary.com>
Date:   Mon Jan 13 21:51:56 2014 +0000

    Bug 11535: sanitize input from patron self-registration form

    This patch adds the use of C4::Scrubber to the processing of input
    from the patron self-registration form, thereby closing off one
    avenue for Javascript injection.

    To test:

    [1] Use the OPAC self-registration form to enter a new patron,
        and set its address to something like:

        <span style="color: red;">BAD</span>

    [2] In the staff interface, bring up the new patron record. The
        address will show up in red, indicating a successful HTML
        injection.
    [3] Apply the patch and use self-registration to enter a new
        patron with a similar case of unwanted HTML coding.
    [4] Bring up the second patron in the staff interface. This time,
        the undesirable HTML tag should not be present.

    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    Signed-off-by: Liz Rea <liz at catalyst.net.nz>
    Tags are not present on testing.

    Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
    Confirmed bug and that the patch fixes it.
    Passes all tests and QA script.

    Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com>

-----------------------------------------------------------------------
Summary of changes:
opac/opac-memberentry.pl | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
hooks/post-receive
--
main Koha release repository