Bug 16597: Fix XSS in shelves.pl

author Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Thu, 26 May 2016 10:07:47 +0000 (11:07 +0100)

committer Brendan Gallagher <brendan@bywatersolutions.com>

Mon, 30 May 2016 11:14:03 +0000 (11:14 +0000)
author Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Thu, 26 May 2016 10:07:47 +0000 (11:07 +0100)
committer Brendan Gallagher <brendan@bywatersolutions.com>
Mon, 30 May 2016 11:14:03 +0000 (11:14 +0000)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/shelves.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/shelves.tt

index b408039..6b4856b 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/shelves.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/shelves.tt
@@ -529,7 +529,7 @@ function placeHold () {
              <legend>Edit list <i>[% shelf.shelfname | html %]</i></legend>
              <input type="hidden" name="op" value="edit" />
          [% END %]
-        <input type="hidden" name="referer" value="[% referer %]" />
+        <input type="hidden" name="referer" value="[% referer | html %]" />
          <input type="hidden" name="shelfnumber" value="[% shelf.shelfnumber %]" />
          <ol>
              <li>
author	Jonathan Druart <jonathan.druart@bugs.koha-community.org>
	Thu, 26 May 2016 10:07:47 +0000 (11:07 +0100)
committer	Brendan Gallagher <brendan@bywatersolutions.com>
	Mon, 30 May 2016 11:14:03 +0000 (11:14 +0000)