To test
1/ Hit a url like
http://localhost:8080/cgi-bin/koha/opac-sendbasket.pl?email_add=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3Ezz%40zz&comment=tes&bib_list=3
Where bib_list is a valid basket number
2/ Notice you get a javascript alert showing
3/ Apply patch
4/ Notice the text is now escaped
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
[% IF ( SENT ) %]
<h1>Message sent</h1>
<div class="dialog dialog-success">
[% IF ( SENT ) %]
<h1>Message sent</h1>
<div class="dialog dialog-success">
- <p>The cart was sent to: [% email_add %]</p>
+ <p>The cart was sent to: [% email_add | html %]</p>
</div>
<p><a class="focus close" href="#">Close window</a></p>
[% END %]
</div>
<p><a class="focus close" href="#">Close window</a></p>
[% END %]