[koha-commits] main Koha release repository branch 3.20.x updated. v3.20.10-72-g592653f
Git repo owner
gitmaster at git.koha-community.org
Tue Jun 21 22:54:22 CEST 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, 3.20.x has been updated
via 592653f067eb7580ab50425756e884b50b551f1c (commit)
via 4f25396332d256d89a0906fcbc9600dcaaaab274 (commit)
via 76844ae98a9fa577c53bfc3ff5fb28c92c44ff62 (commit)
from 476f55d6b9df4da3abfd61b25422418f8c9bac29 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 592653f067eb7580ab50425756e884b50b551f1c
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date: Thu May 26 21:33:33 2016 +1200
Bug 16597: Fix XSS in opac-shareshelf
To test
1/ Go to /cgi-bin/koha/opac-shareshelf.pl?op="><script>alert('XSS')</script>&shelfnumber=5
2/ Notice you see a js alert
3/ Apply patch
4/ It is gone
Reported by
Alex Middleton at Dionach
Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
(cherry picked from commit c47c835672a8fcd8c7df79663443f01639fc7657)
Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
(cherry picked from commit 8d6486013b504fa652b43b2a20c3bb4da25034fd)
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>

commit 4f25396332d256d89a0906fcbc9600dcaaaab274
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Thu May 26 12:08:30 2016 +0100
Bug 16599: Fix other potentials XSS for shelfname
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
(cherry picked from commit bb4543f7db62836b048c632a0a184acb021286ad)
Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
(cherry picked from commit dd94d1bc4ca68d8466b4d7fb154c6714a7782b58)
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>

commit 76844ae98a9fa577c53bfc3ff5fb28c92c44ff62
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Thu May 26 12:03:55 2016 +0100
Bug 16599: Fix XSS in opac-shareshelf.pl
Test plan:
- Create a list with the name "<script>alert(1)</script>"
- On the shelf list, click on share
=> Without this patch you will see the JS alert
=> With this patch applied you won't see it
Reported by Kaybee at Dionach
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
(cherry picked from commit a44a930c076fceca0f7193f488e187d9849f89b6)
Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
(cherry picked from commit 858e3b2043e0eb1ce5bb9a6c36b3b87afb69ae22)
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-downloadshelf.tt | 6 +++---
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-results-grouped.tt | 2 +-
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shareshelf.tt | 6 +++---
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves-rss.tt | 2 +-
4 files changed, 8 insertions(+), 8 deletions(-)
hooks/post-receive
--
main Koha release repository