[koha-commits] main Koha release repository branch 3.12.x updated. v3.12.08-13-gf3bfa40

Git repo owner gitmaster at git.koha-community.org
Wed Jan 15 15:34:40 CET 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 3.12.x has been updated
       via  f3bfa402fb4ff5b49ba2a11ccc2f9a27d19dfc53 (commit)
      from  01a39d6ce0b9fe2153434a9cb2802126ce39b2df (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f3bfa402fb4ff5b49ba2a11ccc2f9a27d19dfc53
Author: Galen Charlton <gmc at esilibrary.com>
Date:   Mon Jan 13 21:51:56 2014 +0000

    Bug 11535: sanitize input from patron self-registration form
    
    This patch adds the use of C4::Scrubber to the processing of input
    from the patron self-registration form, thereby closing off one
    avenue for Javascript injection.
    
    To test:
    
    [1] Use the OPAC self-registration form to enter a new patron,
        and set its address to something like:
    
        <span style="color: red;">BAD</span>
    
    [2] In the staff interface, bring up the new patron record.  The
        address will show up in red, indicating a successful HTML
        injection.
    [3] Apply the patch and use self-registration to enter a new
        patron with a similar case of unwanted HTML coding.
    [4] Bring up the second patron in the staff interface.  This time,
        the undesirable HTML tag should not be present.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    Signed-off-by: Liz Rea <liz at catalyst.net.nz>
    Tags are not present on testing.
    
    Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
    Confirmed bug and that the patch fixes it.
    Passes all tests and QA script.
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com>

-----------------------------------------------------------------------

Summary of changes:
 opac/opac-memberentry.pl |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
main Koha release repository
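
The sanitization step described in the commit message, sketched as an added example. It is not the patch itself, whose diff is not included in this notification. It assumes the CPAN module HTML::Scrubber with a deny-all configuration as a stand-in for C4::Scrubber; scrub_form_fields and the sample field names are hypothetical.

```perl
#!/usr/bin/perl
# Added illustration; not the code from opac/opac-memberentry.pl.
use strict;
use warnings;
use HTML::Scrubber;    # CPAN module; with no allow list it removes every tag

# Hypothetical helper: scrub every submitted value before it is stored.
# Keys are kept as-is; undefined values pass through; multi-valued fields
# (array refs) are scrubbed element by element.
sub scrub_form_fields {
    my ($fields) = @_;
    my $scrubber = HTML::Scrubber->new();    # no rules given: deny all tags
    my %clean;
    for my $key ( keys %$fields ) {
        my $value = $fields->{$key};
        if ( !defined $value ) {
            $clean{$key} = undef;
        }
        elsif ( ref $value eq 'ARRAY' ) {
            $clean{$key} =
              [ map { defined $_ ? $scrubber->scrub($_) : undef } @$value ];
        }
        else {
            $clean{$key} = $scrubber->scrub($value);
        }
    }
    return \%clean;
}

# Constructed sample submission; the address is the value from step [1].
my %submitted = (
    surname => 'Example',
    address => '<span style="color: red;">BAD</span>',
    city    => undef,
);

my $stored = scrub_form_fields( \%submitted );
for my $key ( sort keys %$stored ) {
    my $shown = defined $stored->{$key} ? $stored->{$key} : '(undef)';
    print "$key: $shown\n";
}
```

Scrubbing on input covers the self-registration path only; values that reach the staff interface by other routes still need HTML-escaping when the templates render them.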

