git.evergreen-ils.org Git - Evergreen.git/commit
LP#1478128: Avoid XSS in public catalog
author Dan Scott <dscott@laurentian.ca>
Wed, 26 Apr 2017 04:19:42 +0000 (00:19 -0400)
committer Galen Charlton <gmc@equinoxinitiative.org>
Wed, 24 May 2017 16:11:27 +0000 (12:11 -0400)
commit 3e663fb2381f0c13c80b776483af7a331be666e4
tree a2c997b340dd17ff621f17ea7df3e8b6c7696c1a
parent 03cc7bf48036a01bc8dc01be2f7429c15462d61e

This patch escapes various GET param values by passing them through
the Template Toolkit html filter, including:

* in the locale picker
* in the searchbar
* in the login form

Signed-off-by: Dan Scott <dscott@laurentian.ca>
Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
Open-ILS/src/templates/opac/parts/locale_picker.tt2
Open-ILS/src/templates/opac/parts/login/form.tt2
Open-ILS/src/templates/opac/parts/searchbar.tt2
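
The effect of the html filter on a reflected parameter, as an added example that is not part of this commit or of Evergreen's templates: the script renders a hypothetical search-box fragment with and without `| html`, using a constructed parameter value. The variable name `query` and the markup are assumptions. The third case shows a limit of the filter: as documented, it escapes `&`, `<`, `>` and `"` but not `'`, so filtered values belong in double-quoted attributes.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;    # Template Toolkit

# Constructed sample values standing in for a GET parameter.
my $dq_value = q{"><b>injected</b>};    # breaks out of a double-quoted attribute
my $sq_value = q{' data-x='injected};   # breaks out of a single-quoted attribute

# Hypothetical template fragments (not Evergreen's own markup).
my @cases = (
    [ 'unfiltered, double-quoted attribute',
      q{<input name="query" value="[% query %]"/>},        $dq_value ],
    [ 'html filter, double-quoted attribute',
      q{<input name="query" value="[% query | html %]"/>}, $dq_value ],
    [ 'html filter, single-quoted attribute',
      q{<input name='query' value='[% query | html %]'/>}, $sq_value ],
);

my $tt = Template->new() or die Template->error();

for my $case (@cases) {
    my ( $label, $src, $value ) = @$case;
    my $out = '';
    $tt->process( \$src, { query => $value }, \$out ) or die $tt->error();

    # Strip the legitimate attribute text from the template; if the raw
    # parameter value still appears in the output, it was emitted unescaped.
    my $reflected_raw = index( $out, $value ) >= 0 ? 'yes' : 'no';
    print "$label\n  output: $out\n  raw value reflected: $reflected_raw\n\n";
}
```

A template review can use the same check in reverse: any `[% ... %]` expression that carries request data into HTML without a filter, or into a single-quoted attribute, is a candidate for the kind of fix this commit applies.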