1. Hit /cgi-bin/koha/tools/batch_delete_records.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Record number list (one per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Record number list (one per line) text area.
6. Notice it is no longer executed.
7. Fixes for both biblio and authority records.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
<div class="dialog error" style="margin:auto;">
[% END %]
[% IF message.code == 'biblio_not_exists' %]
- The biblionumber [% message.biblionumber %] does not exist in the database.
+ The biblionumber [% message.biblionumber |html %] does not exist in the database.
[% ELSIF message.code == 'authority_not_exists' %]
- The authority id [% message.authid %] does not exist in the database.
+ The authority id [% message.authid |html %] does not exist in the database.
[% ELSIF message.code == 'item_issued' %]
At least one item is checked out on bibliographic record [% message.biblionumber %].
[% ELSIF message.code == 'reserve_not_cancelled' %]