git.evergreen-ils.org Git - Evergreen.git/commit
LP#1478128: Avoid XSS in public catalog
author Dan Scott <dscott@laurentian.ca>
Wed, 26 Apr 2017 04:19:42 +0000 (00:19 -0400)
committer Galen Charlton <gmc@equinoxinitiative.org>
Wed, 24 May 2017 19:56:43 +0000 (15:56 -0400)
commit 17210e096b0009c4a891944085c5cdc33a100d9c
tree 74a207fd3e0eeceeba06c44b47ac72731385ccf8
parent a8e1007dd55c477cfa7b8eadc96a81f09c1e5e22
LP#1478128: Avoid XSS in public catalog

This patch escapes various GET param values by passing them through
the Template Toolkit html filter, including:

* in the locale picker
* in the searchbar
* in the login form

Signed-off-by: Dan Scott <dscott@laurentian.ca>
Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
Open-ILS/src/templates/opac/parts/locale_picker.tt2
Open-ILS/src/templates/opac/parts/login/form.tt2
Open-ILS/src/templates/opac/parts/searchbar.tt2
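
Added example, not code from this commit or from Evergreen: a small Perl script that renders a GET-style value through Template Toolkit with and without the html filter and reports whether the value stays inside its attribute. The templates, the variable name v and the sample values are constructed for illustration; the single-quoted case is included because the html filter is documented as converting &, <, > and ", so the script reports what the installed version actually does with a single quote.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;

my $tt = Template->new() or die Template->error();

# Render a template string with the given variables and return the output.
sub render {
    my ($src, $vars) = @_;
    my $out = '';
    $tt->process(\$src, $vars, \$out) or die $tt->error();
    return $out;
}

# Constructed sample values standing in for untrusted GET params.
# Each one starts with the attribute delimiter it is tested against.
my $markup = q{"><b>injected</b>};
my $squote = q{' data-injected='1};

# [ label, constructed template (not Evergreen's), value ]
my @cases = (
    [ 'no filter, double-quoted attr',
      q{<input name="query" value="[% v %]"/>},        $markup ],
    [ 'html filter, double-quoted attr',
      q{<input name="query" value="[% v | html %]"/>}, $markup ],
    [ 'html filter, single-quoted attr',
      q{<input name='query' value='[% v | html %]'/>}, $squote ],
);

for my $case (@cases) {
    my ($label, $src, $value) = @$case;
    my $html = render($src, { v => $value });

    # If the value appears verbatim, its leading delimiter was not
    # escaped, so the value terminates the attribute it was placed in.
    my $status = index($html, $value) >= 0
        ? 'BREAKS OUT of attribute'
        : 'contained';

    printf "%-34s %s\n    %s\n", $label, $status, $html;
}
```

When reviewing templates after a fix like this one, check that every attribute receiving a filtered value is double-quoted, or that a filter which also escapes single quotes is used there.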