[koha-commits] main Koha release repository branch master updated. v16.05.00-6-gfa1dd40
Git repo owner
gitmaster at git.koha-community.org
Mon May 30 13:02:49 CEST 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, master has been updated
via fa1dd408ca7714aed406ff75d3c4c55545b97cf0 (commit)
via c47c835672a8fcd8c7df79663443f01639fc7657 (commit)
via 344033c32490df3e396ed530dcbf250086483371 (commit)
from bb4543f7db62836b048c632a0a184acb021286ad (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit fa1dd408ca7714aed406ff75d3c4c55545b97cf0
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Thu May 26 11:07:47 2016 +0100
Bug 16597: Fix XSS in shelves.pl
Reported by
Alex Middleton at Dionach
Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
commit c47c835672a8fcd8c7df79663443f01639fc7657
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date: Thu May 26 21:33:33 2016 +1200
Bug 16597: Fix XSS in opac-shareshelf
To test
1/ Go to /cgi-bin/koha/opac-shareshelf.pl?op="><script>alert('XSS')</script>&shelfnumber=5
2/ Notice you see a js alert
3/ Apply patch
4/ It is gone
Reported by
Alex Middleton at Dionach
Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
commit 344033c32490df3e396ed530dcbf250086483371
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date: Thu May 26 21:06:18 2016 +1200
Bug 16597: Fix XSS in opac-shelves.pl
To test
1/ Hit /cgi-bin/koha/opac-shelves.pl?shelfnumber=5&category=1&op=edit_form&referer="><script>alert('XSS')</SCRIPT>
2/ Notice JS is executed
3/ Apply patch
4/ Notice it's fixed
This bug reported by
Alex Middleton at Dionach
Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
-----------------------------------------------------------------------
Summary of changes:
koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/shelves.tt | 2 +-
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shareshelf.tt | 2 +-
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
hooks/post-receive
--
main Koha release repository
More information about the koha-commits
mailing list