git.evergreen-ils.org Git - Evergreen.git/commit
LP#1478128: Avoid XSS in public catalog
author Dan Scott <dscott@laurentian.ca>
Wed, 26 Apr 2017 04:19:42 +0000 (00:19 -0400)
committer Galen Charlton <gmc@equinoxinitiative.org>
Wed, 24 May 2017 16:28:11 +0000 (12:28 -0400)
commit 45a494080ac56d612231fcef0b12c8ddfb6de7a5
tree 98e9f40996dd5040a78fea60ec6612d0a94b7559
parent d012c947e11db84f2d2f47c5ac348a4db15daea4
LP#1478128: Avoid XSS in public catalog

This patch escapes various GET param values by passing them through
the Template Toolkit html filter, including:

* in the locale picker
* in the searchbar
* in the login form

Signed-off-by: Dan Scott <dscott@laurentian.ca>
Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
Conflicts:
Open-ILS/src/templates/opac/parts/searchbar.tt2

Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
Open-ILS/src/templates/opac/parts/locale_picker.tt2
Open-ILS/src/templates/opac/parts/login/form.tt2
Open-ILS/src/templates/opac/parts/searchbar.tt2
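
What the html filter named in the commit message does to a reflected parameter, as an added example that is not code from this commit or from the Evergreen templates. The variable name `redirect_to`, the template fragments and the sample values are hypothetical and constructed for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Template;

# Constructed stand-in for a GET parameter value that closes a
# double-quoted attribute; not taken from the Evergreen templates.
my %vars = ( redirect_to => q{"><b>injected</b>} );

# Hypothetical fragments modelled on a hidden form field that echoes
# a request parameter back into the page.
my %fragments = (
    unfiltered    => q{<input type="hidden" name="redirect_to" value="[% redirect_to %]"/>},
    filtered      => q{<input type="hidden" name="redirect_to" value="[% redirect_to | html %]"/>},
    single_quoted => q{<input type='hidden' name='redirect_to' value='[% redirect_to | html %]'/>},
);

my $tt = Template->new() or die Template->error();

# Render one named fragment against the current %vars.
sub render {
    my ($name) = @_;
    my $out = '';
    $tt->process(\$fragments{$name}, \%vars, \$out) or die $tt->error();
    return $out;
}

for my $name (qw(unfiltered filtered)) {
    my $html   = render($name);
    my $result = $html =~ /<b>injected/
        ? 'markup injected'
        : 'value stays inside the attribute';
    printf "%-13s %s\n  -> %s\n", $name, $html, $result;
}

# Template::Filters documents the html filter as converting & < > and "
# only. A value containing ' passes through unchanged, so the filter
# protects an attribute only when that attribute is double-quoted.
$vars{redirect_to} = q{' data-x='1};
my $html = render('single_quoted');
printf "%-13s %s\n  -> %s\n", 'single_quoted', $html,
    $html =~ /data-x='1'/ ? 'extra attribute injected' : 'value stays inside the attribute';
```

When reviewing templates for this class of bug, check both that every reflected parameter passes through `| html` and that the surrounding attribute uses double quotes.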