git.evergreen-ils.org Git - Evergreen.git/commit
LP#1478128: Avoid XSS in public catalog
author Dan Scott <dscott@laurentian.ca>
Wed, 26 Apr 2017 04:19:42 +0000 (00:19 -0400)
committer Galen Charlton <gmc@equinoxinitiative.org>
Wed, 24 May 2017 16:32:06 +0000 (12:32 -0400)
commit 472bd5ae1486fc0349581b02e666d0e8b8d5c143
tree b7dc0195ae8eb15820b16ba6ee84952f825565ce
parent b01ca85655e3a0272a21883e7d600aa422c0ce53
LP#1478128: Avoid XSS in public catalog

This patch escapes various GET param values by passing them through
the Template Toolkit html filter, including:

* in the locale picker
* in the searchbar
* in the login form

Signed-off-by: Dan Scott <dscott@laurentian.ca>
Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
Conflicts:
Open-ILS/src/templates/opac/parts/searchbar.tt2

Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
Open-ILS/src/templates/opac/parts/locale_picker.tt2
Open-ILS/src/templates/opac/parts/login/form.tt2
Open-ILS/src/templates/opac/parts/searchbar.tt2
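
The effect of the Template Toolkit html filter named in the commit message, as an added example that is not code from the Evergreen repository. The template fragment, the `query` variable name and the sample value are constructed for illustration; the script assumes the Perl `Template` module is installed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;

# Constructed template fragments (not Evergreen's searchbar.tt2): a search box
# that echoes a request parameter back into an HTML attribute value.
my $unfiltered = '<input type="text" name="query" value="[% query %]"/>';
my $filtered   = '<input type="text" name="query" value="[% query | html %]"/>';

# Constructed parameter value containing the characters the html filter
# encodes: double quote, angle brackets and ampersand.
my %params = ( query => q{cats" data-x="1"><i>&</i>} );

my $tt = Template->new() or die Template->error();

# Render a template given as a string and return the resulting markup.
sub render {
    my ($source) = @_;
    my $out = '';
    $tt->process(\$source, \%params, \$out) or die $tt->error();
    return $out;
}

my $raw  = render($unfiltered);
my $safe = render($filtered);

print "unfiltered: $raw\n";
print "filtered:   $safe\n";

# Regression check suitable for a template test: without the filter the value
# closes the attribute and adds markup; with it, the value stays inside the
# attribute as character references.
die "expected the unfiltered template to emit raw markup\n"
    unless $raw =~ /<i>/;
die "html filter did not encode the parameter value\n"
    if $safe =~ /<i>/ or $safe !~ /&quot;/;

print "ok: filtered output keeps the parameter inside the value attribute\n";
```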