[koha-commits] main Koha release repository branch 3.14.x updated. v3.14.12-7-g4a80c04

Git repo owner gitmaster at git.koha-community.org
Fri Jan 23 10:17:32 CET 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 3.14.x has been updated
       via  4a80c0483ee87cde8a065c425a519a471ed6fcb3 (commit)
      from  6dc24f69305b610d29549368748ad4072a986072 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4a80c0483ee87cde8a065c425a519a471ed6fcb3
Author: Liz <wizzyrea at gmail.com>
Date:   Mon Jan 5 02:32:32 2015 +0000

    Bug 13510 - Cross site scripting bug in opac-downloadshelf and opac-shelves
    
    A specially crafted URL causes XSS in Koha
    
    To test:
    
    cgi-bin/koha/opac-shelves.pl?viewshelf=2%22%3E%3Cscript%3Eprompt(987898)%3C/script%3E
    
    cgi-bin/koha/opac-downloadshelf.pl?shelfid=2%22%3Cscript%3Eprompt(1)%3C/script%3E&showprivateshelves
    
    These should cause a popup without the patch. With the patch, no popup.
    
    You may need to create these lists, the XSS will not be triggered if the list doesn't exist or you don't
    have permission to view them.
    
    Signed-off-by: Chris <chris at bigballofwax.co.nz>
    
    Fixes the two listed problems
    
    Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de>
    Confirmed patch fixes the problem.
    
    Signed-off-by: Martin Renvoize <martin.renvoize at ptfs-europe.com>
    Signed-off-by: Mason James <mtj at kohaaloha.com>
    (cherry picked from commit 0718ced5e452a3d295597d1b5ef976a6772610eb)
    Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com>
    
    Conflicts:
    	koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt

-----------------------------------------------------------------------

Summary of changes:
 .../bootstrap/en/modules/opac-downloadshelf.tt     |    4 +--
 .../opac-tmpl/bootstrap/en/modules/opac-shelves.tt |   36 ++++++++++----------
 2 files changed, 20 insertions(+), 20 deletions(-)
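The two test URLs in the commit message are enough to reproduce the class of bug the patch fixes. Below is an added example, not code from the commit or from Koha: Koha's OPAC is Perl with Template Toolkit templates, and the notification lists the two changed .tt files without showing their markup, so the two render functions are hypothetical stand-ins for an unfiltered [% shelfid %] and for the same value passed through an HTML-escaping filter (Python's html.escape plays the role of Template Toolkit's html filter here). The attribute context for opac-shelves is inferred from the %22%3E ('">') prefix of its payload, and the text context for opac-downloadshelf from the absence of that prefix; both are assumptions, not facts from the page.

```python
"""Bug 13510 illustrated: a query parameter echoed unescaped into OPAC
markup, and output escaping as the fix.  Added example, not Koha code.
The markup below is a guess at the affected template lines; the real
opac-shelves.tt / opac-downloadshelf.tt markup is not in the notification."""

import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# The two test URLs quoted verbatim in the commit message.
TEST_URLS = {
    "opac-shelves": "cgi-bin/koha/opac-shelves.pl?viewshelf=2%22%3E%3Cscript%3Eprompt(987898)%3C/script%3E",
    "opac-downloadshelf": "cgi-bin/koha/opac-downloadshelf.pl?shelfid=2%22%3Cscript%3Eprompt(1)%3C/script%3E&showprivateshelves",
}


def query_param(url: str, name: str) -> str:
    """Decode one query parameter the way the CGI script receives it."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params[name][0]


def render_attribute(shelfid: str, escape: bool) -> str:
    """Hypothetical template line echoing the id into an attribute value.

    The '">' prefix of the opac-shelves payload is exactly what is needed to
    break out of a double-quoted attribute, so that context is assumed.
    escape=False mimics an unfiltered [% shelfid %]; escape=True mimics the
    value passed through an html filter (&, <, >, " become entities)."""
    value = html.escape(shelfid, quote=True) if escape else shelfid
    return f'<input type="hidden" name="shelfid" value="{value}">'


def render_text(shelfid: str, escape: bool) -> str:
    """Hypothetical template line echoing the id into element text.

    The opac-downloadshelf payload has no leading '>', so it needs no open
    tag to close; a plain text context is assumed for it here."""
    value = html.escape(shelfid, quote=True) if escape else shelfid
    return f"<p>Downloading list {value}</p>"


class ScriptCounter(HTMLParser):
    """Count <script> start tags as a browser's tokenizer would see them."""

    def __init__(self) -> None:
        super().__init__()
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1


def script_tags(markup: str) -> int:
    """Number of <script> elements a parser finds in the rendered markup."""
    parser = ScriptCounter()
    parser.feed(markup)
    parser.close()
    return parser.scripts


def check_fix() -> dict:
    """Reproduce the commit's 'popup without the patch, none with it' test.

    Returns, per page, (script tags when unescaped, script tags when escaped)."""
    viewshelf = query_param(TEST_URLS["opac-shelves"], "viewshelf")
    shelfid = query_param(TEST_URLS["opac-downloadshelf"], "shelfid")
    return {
        "opac-shelves": (
            script_tags(render_attribute(viewshelf, escape=False)),
            script_tags(render_attribute(viewshelf, escape=True)),
        ),
        "opac-downloadshelf": (
            script_tags(render_text(shelfid, escape=False)),
            script_tags(render_text(shelfid, escape=True)),
        ),
    }


if __name__ == "__main__":
    for page, (before, after) in check_fix().items():
        print(f"{page}: {before} script tag(s) unescaped, {after} escaped")
```

The check counts script start tags rather than looking for the literal payload string, because that is the question the browser answers: whether the injected bytes become markup. Note that the list must exist and be viewable for the real pages to echo the parameter at all, which is the permission caveat the commit message gives.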


hooks/post-receive
-- 
main Koha release repository
