[Koha-bugs] [Bug 26102] Javascript injection in intranet search
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26102

Phil Ringnalda changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |33144

Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33144
[Bug 33144] Authority lookup in advanced editor overencodes HTML

--
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 26102] Javascript injection in intranet search
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26102

Owen Leonard changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|Pushed to oldoldoldstable   |RESOLVED
[Koha-bugs] [Bug 26102] Javascript injection in intranet search
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26102

--- Comment #59 from wainuiwitikap...@catalyst.net.nz ---
Applied 19.11 patches to 19.11.x branch
[Koha-bugs] [Bug 26102] Javascript injection in intranet search
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26102

wainuiwitikap...@catalyst.net.nz changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #130936|0                           |1
        is obsolete|                            |

--- Comment #58 from wainuiwitikap...@catalyst.net.nz ---
Created attachment 131004
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=131004=edit
Bug 26102: [19.11] Prevent XSS when To.json is used: unimarc_field_4XX.tt

To test, edit a MARC framework to link a subfield to the unimarc_field_4XX.tt.
The process of triggering the plugin and selecting a search result from the
plugin popup should work correctly.

Signed-off-by: Wainui Witika-Park
[Koha-bugs] [Bug 26102] Javascript injection in intranet search
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26102

wainuiwitikap...@catalyst.net.nz changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #130935|0                           |1
        is obsolete|                            |

--- Comment #57 from wainuiwitikap...@catalyst.net.nz ---
Created attachment 131003
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=131003=edit
Bug 26102: [19.11] Prevent XSS when To.json is used: guarantor_search.tt

To test, edit a patron record and go through the process of adding a
guarantor. In the guarantor search results table the address should be
displayed correctly.

Signed-off-by: Wainui Witika-Park
[Koha-bugs] [Bug 26102] Javascript injection in intranet search
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26102

wainuiwitikap...@catalyst.net.nz changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #130934|0                           |1
        is obsolete|                            |

--- Comment #56 from wainuiwitikap...@catalyst.net.nz ---
Created attachment 131002
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=131002=edit
Bug 26102: [19.11] Prevent XSS when To.json is used: catalogue/results.tt

To test, perform a search in the catalogue and verify that search term
highlighting works correctly.

Signed-off-by: Wainui Witika-Park
[Koha-bugs] [Bug 26102] Javascript injection in intranet search
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26102

wainuiwitikap...@catalyst.net.nz changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #130933|0                           |1
        is obsolete|                            |

--- Comment #55 from wainuiwitikap...@catalyst.net.nz ---
Created attachment 131001
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=131001=edit
Bug 26102: [19.11] Prevent XSS when To.json is used: authorities/blinddetail-biblio-search.tt

Test the process of searching for and selecting an authority record for use
in the basic MARC editor.

Signed-off-by: Wainui Witika-Park
[Koha-bugs] [Bug 26102] Javascript injection in intranet search
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26102

wainuiwitikap...@catalyst.net.nz changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #130932|0                           |1
        is obsolete|                            |

--- Comment #54 from wainuiwitikap...@catalyst.net.nz ---
Created attachment 131000
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=131000=edit
Bug 26102: [19.11] Prevent XSS when To.json is used: authorities/authorities.tt

Check that mandatory tags and subfields are correctly required when editing
an authority record.

Signed-off-by: Wainui Witika-Park
[Koha-bugs] [Bug 26102] Javascript injection in intranet search
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26102

wainuiwitikap...@catalyst.net.nz changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #130931|0                           |1
        is obsolete|                            |

--- Comment #53 from wainuiwitikap...@catalyst.net.nz ---
Created attachment 130999
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=130999=edit
Bug 26102: [19.11] Prevent XSS when To.json is used: admin/preferences.tt

Test that preference search term highlighting works correctly.

Signed-off-by: Wainui Witika-Park
[Koha-bugs] [Bug 26102] Javascript injection in intranet search
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26102

--- Comment #52 from Jonathan Druart ---
Patches adjusted for 19.11.

The following patch is not relevant for this branch:
Bug 26102: Prevent XSS when To.json is used: subscription-add.tt
[Koha-bugs] [Bug 26102] Javascript injection in intranet search
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26102

--- Comment #51 from Jonathan Druart ---
Created attachment 130936
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=130936=edit
Bug 26102: [19.11] Prevent XSS when To.json is used: unimarc_field_4XX.tt

To test, edit a MARC framework to link a subfield to the unimarc_field_4XX.tt.
The process of triggering the plugin and selecting a search result from the
plugin popup should work correctly.
[Koha-bugs] [Bug 26102] Javascript injection in intranet search
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26102

--- Comment #50 from Jonathan Druart ---
Created attachment 130935
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=130935=edit
Bug 26102: [19.11] Prevent XSS when To.json is used: guarantor_search.tt

To test, edit a patron record and go through the process of adding a
guarantor. In the guarantor search results table the address should be
displayed correctly.
[Koha-bugs] [Bug 26102] Javascript injection in intranet search
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26102

--- Comment #49 from Jonathan Druart ---
Created attachment 130934
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=130934=edit
Bug 26102: [19.11] Prevent XSS when To.json is used: catalogue/results.tt

To test, perform a search in the catalogue and verify that search term
highlighting works correctly.
[Koha-bugs] [Bug 26102] Javascript injection in intranet search
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26102

--- Comment #48 from Jonathan Druart ---
Created attachment 130933
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=130933=edit
Bug 26102: [19.11] Prevent XSS when To.json is used: authorities/blinddetail-biblio-search.tt

Test the process of searching for and selecting an authority record for use
in the basic MARC editor.
[Koha-bugs] [Bug 26102] Javascript injection in intranet search
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26102

--- Comment #47 from Jonathan Druart ---
Created attachment 130932
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=130932=edit
Bug 26102: [19.11] Prevent XSS when To.json is used: authorities/authorities.tt

Check that mandatory tags and subfields are correctly required when editing
an authority record.
[Koha-bugs] [Bug 26102] Javascript injection in intranet search
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26102

--- Comment #46 from Jonathan Druart ---
Created attachment 130931
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=130931=edit
Bug 26102: [19.11] Prevent XSS when To.json is used: admin/preferences.tt

Test that preference search term highlighting works correctly.
[Koha-bugs] [Bug 26102] Javascript injection in intranet search
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26102

Jonathan Druart changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |30044

Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30044
[Bug 30044] Z39.50/SRU search button broken by update to 19.11.25
[Koha-bugs] [Bug 26102] Javascript injection in intranet search
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26102

--- Comment #45 from Katrin Fischer ---
(In reply to wainuiwitikapark from comment #44)
> Reverted commits on 19.11.x

We have a problem reported with this patch set on bug 30044 - so we probably
need a follow-up or adjusted set of patches.
[Koha-bugs] [Bug 26102] Javascript injection in intranet search
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26102

--- Comment #44 from wainuiwitikap...@catalyst.net.nz ---
Reverted commits on 19.11.x
[Koha-bugs] [Bug 26102] Javascript injection in intranet search
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26102

wainuiwitikap...@catalyst.net.nz changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Pushed to oldoldstable      |Pushed to oldoldoldstable
[Koha-bugs] [Bug 26102] Javascript injection in intranet search
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26102

Fridolin Somers changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         QA Contact|                            |testo...@bugs.koha-community.org
            Product|Koha security               |Koha
          Component|Koha                        |Templates
              Group|Koha security               |
            Version|unspecified                 |master