Bug 19034: (followup 2) Fix letters.tt XSS flaw

author Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Tue, 15 Aug 2017 16:26:12 +0000 (13:26 -0300)

committer Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)
author Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 15 Aug 2017 16:26:12 +0000 (13:26 -0300)
committer Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/letter.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/letter.tt

index 056f9b4..25523ce 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/letter.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/letter.tt
@@ -181,7 +181,7 @@ $(document).ready(function() {
  [% IF ( no_op_set ) %]
      <h1>Notices and Slips</h1>
      <form method="get" action="/cgi-bin/koha/tools/letter.pl" id="selectlibrary">
-      <input type="hidden" name="searchfield" value="[% searchfield %]" />
+      <input type="hidden" name="searchfield" value="[% searchfield | html %]" />
      [% UNLESS independant_branch %]
        <p>
          Select a library :
author	Jonathan Druart <jonathan.druart@bugs.koha-community.org>
	Tue, 15 Aug 2017 16:26:12 +0000 (13:26 -0300)
committer	Jonathan Druart <jonathan.druart@bugs.koha-community.org>
	Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)