[koha-commits] main Koha release repository branch 3.20.x updated. v3.20.10-72-g592653f

Git repo owner gitmaster at git.koha-community.org
Tue Jun 21 22:54:22 CEST 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 3.20.x has been updated
       via  592653f067eb7580ab50425756e884b50b551f1c (commit)
       via  4f25396332d256d89a0906fcbc9600dcaaaab274 (commit)
       via  76844ae98a9fa577c53bfc3ff5fb28c92c44ff62 (commit)
      from  476f55d6b9df4da3abfd61b25422418f8c9bac29 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 592653f067eb7580ab50425756e884b50b551f1c
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date:   Thu May 26 21:33:33 2016 +1200

    Bug 16597: Fix XSS in opac-shareshelf
    
    To test
    1/ Go to /cgi-bin/koha/opac-shareshelf.pl?op="><script>alert('XSS')</script>&shelfnumber=5
    2/ Notice you see a js alert
    3/ Apply patch
    4/ It is gone
    
    Reported by
    Alex Middleton at Dionach
    
    Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz>
    
    Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
    
    Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
    (cherry picked from commit c47c835672a8fcd8c7df79663443f01639fc7657)
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
    (cherry picked from commit 8d6486013b504fa652b43b2a20c3bb4da25034fd)
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>

commit 4f25396332d256d89a0906fcbc9600dcaaaab274
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Thu May 26 12:08:30 2016 +0100

    Bug 16599: Fix other potential XSS for shelfname
    
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
    Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
    
    Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
    (cherry picked from commit bb4543f7db62836b048c632a0a184acb021286ad)
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
    (cherry picked from commit dd94d1bc4ca68d8466b4d7fb154c6714a7782b58)
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>

commit 76844ae98a9fa577c53bfc3ff5fb28c92c44ff62
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Thu May 26 12:03:55 2016 +0100

    Bug 16599: Fix XSS in opac-shareshelf.pl
    
    Test plan:
    - Create a list with the name "<script>alert(1)</script>"
    - On the shelf list, click on share
    => Without this patch you will see the JS alert
    => With this patch applied you won't see it
    
    Reported by Kaybee at Dionach
    
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
    Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
    
    Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
    (cherry picked from commit a44a930c076fceca0f7193f488e187d9849f89b6)
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
    (cherry picked from commit 858e3b2043e0eb1ce5bb9a6c36b3b87afb69ae22)
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>

-----------------------------------------------------------------------

Summary of changes:
 koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-downloadshelf.tt   |    6 +++---
 koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-results-grouped.tt |    2 +-
 koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shareshelf.tt      |    6 +++---
 koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves-rss.tt     |    2 +-
 4 files changed, 8 insertions(+), 8 deletions(-)


hooks/post-receive
-- 
main Koha release repository

