[koha-commits] main Koha release repository branch master updated. v16.05.00-6-gfa1dd40

Git repo owner gitmaster at git.koha-community.org
Mon May 30 13:02:49 CEST 2016 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, master has been updated
       via  fa1dd408ca7714aed406ff75d3c4c55545b97cf0 (commit)
       via  c47c835672a8fcd8c7df79663443f01639fc7657 (commit)
       via  344033c32490df3e396ed530dcbf250086483371 (commit)
      from  bb4543f7db62836b048c632a0a184acb021286ad (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit fa1dd408ca7714aed406ff75d3c4c55545b97cf0
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Thu May 26 11:07:47 2016 +0100

    Bug 16597: Fix XSS in shelves.pl
    
    Reported by
    Alex Middleton at Dionach
    
    Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz>
    
    Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
    
    Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>

commit c47c835672a8fcd8c7df79663443f01639fc7657
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date:   Thu May 26 21:33:33 2016 +1200

    Bug 16597: Fix XSS in opac-shareshelf
    
    To test
    1/ Go to /cgi-bin/koha/opac-shareshelf.pl?op="><script>alert('XSS')</script>&shelfnumber=5
    2/ Notice you see a js alert
    3/ Apply patch
    4/ It is gone
    
    Reported by
    Alex Middleton at Dionach
    
    Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz>
    
    Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
    
    Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>

commit 344033c32490df3e396ed530dcbf250086483371
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date:   Thu May 26 21:06:18 2016 +1200

    Bug 16597: Fix XSS in opac-shelves.pl
    
    To test
    1/ Hit /cgi-bin/koha/opac-shelves.pl?shelfnumber=5&category=1&op=edit_form&referer="><script>alert('XSS')</SCRIPT>
    2/ Notice JS is executed
    3/ Apply patch
    4/ Notice it's fixed
    
    This bug reported by
    
    Alex Middleton at Dionach
    
    Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz>
    
    Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
    
    Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>

-----------------------------------------------------------------------

Summary of changes:
 koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/shelves.tt |    2 +-
 koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shareshelf.tt       |    2 +-
 koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt          |    2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
main Koha release repository

More information about the koha-commits mailing list