[Patches] [PATCH] Bug 7316 - Missing escaping in search results
koha-patchbot at kohaaloha.com
Mon Dec 5 06:30:03 NZDT 2011
From: Frère Sébastien Marie <semarie-koha at latrappe.fr>
Date: Sun, 4 Dec 2011 18:14:09 +0100
Subject: [PATCH] Bug 7316 - Missing escaping in search results
Two parameters are now escaped in the title (HTML element):
- query_desc
- limit_desc
This is a security correction against XSS.
---
.../prog/en/modules/catalogue/results.tt | 2 +-
.../prog/en/modules/opac-results-grouped.tt | 2 +-
.../opac-tmpl/prog/en/modules/opac-results.tt | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt
index 2bed51c..9b4f01f 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt
@@ -1,5 +1,5 @@
[% INCLUDE 'doc-head-open.inc' %]
-<title>Koha › Catalog › [% IF ( searchdesc ) %]Results of Search [% IF ( query_desc ) %]for '[% query_desc %]'[% END %][% IF ( limit_desc ) %] with limit(s): '[% limit_desc %]'[% END %][% ELSE %]You did not specify any search criteria[% END %]</title>
+<title>Koha › Catalog › [% IF ( searchdesc ) %]Results of Search [% IF ( query_desc ) %]for '[% query_desc | html %]'[% END %][% IF ( limit_desc ) %] with limit(s): '[% limit_desc | html %]'[% END %][% ELSE %]You did not specify any search criteria[% END %]</title>
[% INCLUDE 'doc-head-close.inc' %]
<script type="text/javascript" src="/intranet-tmpl/prog/en/lib/jquery/plugins/jquery.highlight-3.js"></script>
<script type="text/javascript">
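Review bot: The `| html` filter is the right choice for this context: `<title>` content is parsed as RCDATA, so entity-encoding `<` and `>` is what prevents an injected `</title>` from closing the element and starting script or markup in the document head. Since the hunk only covers the title, please confirm in the same review that any other interpolation of `query_desc` or `limit_desc` in results.tt (the search-description text shown in the page body, if present) is filtered the same way, otherwise the fix is partial.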
diff --git a/koha-tmpl/opac-tmpl/prog/en/modules/opac-results-grouped.tt b/koha-tmpl/opac-tmpl/prog/en/modules/opac-results-grouped.tt
index baf7676..9e1b855 100644
--- a/koha-tmpl/opac-tmpl/prog/en/modules/opac-results-grouped.tt
+++ b/koha-tmpl/opac-tmpl/prog/en/modules/opac-results-grouped.tt
@@ -1,7 +1,7 @@
[% INCLUDE 'doc-head-open.inc' %]
[% IF ( LibraryNameTitle ) %][% LibraryNameTitle %][% ELSE %]Koha Online[% END %] Catalog ›
[% IF ( searchdesc ) %]
- Results of Search [% IF ( query_desc ) %]for '[% query_desc %]'[% END %][% IF ( limit_desc ) %] with limit(s): '[% limit_desc %]'[% END %]
+ Results of Search [% IF ( query_desc ) %]for '[% query_desc | html %]'[% END %][% IF ( limit_desc ) %] with limit(s): '[% limit_desc | html %]'[% END %]
[% ELSE %]
You did not specify any search criteria.
[% END %]
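Review bot: The unchanged context line above the change still emits `[% LibraryNameTitle %]` without a filter, directly next to the two values this hunk now escapes. That value comes from configuration rather than from the request, so the exposure is lower, but applying `| html` there too would make the whole title consistently encoded and avoid a reviewer having to reason about which variables are trusted.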
diff --git a/koha-tmpl/opac-tmpl/prog/en/modules/opac-results.tt b/koha-tmpl/opac-tmpl/prog/en/modules/opac-results.tt
index 7201a82..798e0d8 100755
--- a/koha-tmpl/opac-tmpl/prog/en/modules/opac-results.tt
+++ b/koha-tmpl/opac-tmpl/prog/en/modules/opac-results.tt
@@ -1,7 +1,7 @@
[% INCLUDE 'doc-head-open.inc' %]
[% IF ( LibraryNameTitle ) %][% LibraryNameTitle %][% ELSE %]Koha Online[% END %] Catalog ›
[% IF ( searchdesc ) %]
- Results of Search [% IF ( query_desc ) %]for '[% query_desc %]'[% END %][% IF ( limit_desc ) %] with limit(s): '[% limit_desc %]'[% END %]
+ Results of Search [% IF ( query_desc ) %]for '[% query_desc | html%]'[% END %][% IF ( limit_desc ) %] with limit(s): '[% limit_desc | html %]'[% END %]
[% ELSE %]
You did not specify any search criteria.
[% END %]
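Review bot: Style nit on the `+` line: `[% query_desc | html%]` is missing the space before `%]`, unlike the matching change in results.tt and opac-results-grouped.tt, which use `[% query_desc | html %]`. Template Toolkit accepts both, so behaviour is unaffected, but keeping the three files identical makes a later grep for unfiltered `query_desc` uses more reliable.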
--
1.7.2.5