[Koha-patches] [PATCH] Fixing some small XSS vulnerabilities
Chris Cormack
chrisc at catalyst.net.nz
Mon Feb 15 00:25:42 CET 2010
---
.../opac-tmpl/prog/en/modules/opac-basket.tmpl | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/koha-tmpl/opac-tmpl/prog/en/modules/opac-basket.tmpl b/koha-tmpl/opac-tmpl/prog/en/modules/opac-basket.tmpl
index ed47772..47b8a6e 100644
--- a/koha-tmpl/opac-tmpl/prog/en/modules/opac-basket.tmpl
+++ b/koha-tmpl/opac-tmpl/prog/en/modules/opac-basket.tmpl
@@ -161,13 +161,13 @@ function tagAdded() {
<h3>
<!-- TMPL_IF NAME="print_basket" -->
<!-- TMPL_VAR NAME="title" escape="html" -->
- <!-- TMPL_IF name="subtitle" --> <!-- TMPL_LOOP NAME="subtitle" --><!-- TMPL_VAR NAME="subfield" --><!-- /TMPL_LOOP --><!-- /TMPL_IF -->
- <!-- TMPL_IF name="author" --> <!-- TMPL_VAR NAME="author" --><!-- /TMPL_IF -->
+ <!-- TMPL_IF name="subtitle" --> <!-- TMPL_LOOP NAME="subtitle" escape="html"--><!-- TMPL_VAR NAME="subfield" --><!-- /TMPL_LOOP --><!-- /TMPL_IF -->
+ <!-- TMPL_IF name="author" --> <!-- TMPL_VAR NAME="author" escpae="html" --><!-- /TMPL_IF -->
<!-- TMPL_ELSE -->
<input type="checkbox" value="<!-- TMPL_VAR NAME="biblionumber" -->" name="bib<!-- TMPL_VAR NAME="biblionumber" -->" id="bib<!-- TMPL_VAR NAME="biblionumber" -->" onclick="selRecord(value,checked)" />
<!-- TMPL_VAR NAME="title" escape="html" -->
- <!-- TMPL_IF name="subtitle" --> <!-- TMPL_LOOP NAME="subtitle" --><!-- TMPL_VAR NAME="subfield" --><!-- /TMPL_LOOP --><!-- /TMPL_IF -->
- <!-- TMPL_IF name="author" --> <!-- TMPL_VAR NAME="author" --><!-- /TMPL_IF -->
+ <!-- TMPL_IF name="subtitle" --> <!-- TMPL_LOOP NAME="subtitle" escape="html" --><!-- TMPL_VAR NAME="subfield" --><!-- /TMPL_LOOP --><!-- /TMPL_IF -->
+ <!-- TMPL_IF name="author" --> <!-- TMPL_VAR NAME="author" escape="html"--><!-- /TMPL_IF -->
<!-- /TMPL_IF -->
</h3>
<!-- COinS / OpenURL -->
--
1.6.3.3
More information about the Koha-patches
mailing list