This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 16.11.x has been updated
       via  a90197ebbb6f946ea4caefd7917fb4ff3ecefaa2 (commit)
       via  9ae84a513072b742013c391f2e3622c7c3e627f9 (commit)
      from  04ced01839f6792fdab1bca5a6327e524ca863ea (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a90197ebbb6f946ea4caefd7917fb4ff3ecefaa2
Author: Jonathan Druart <>
Date:   Wed Nov 29 15:24:40 2017 -0300

    Bug 19560: Correctly escape branchcode in admin/
    Signed-off-by: Owen Leonard <>
    Signed-off-by: Josef Moravec <>
    Signed-off-by: Jonathan Druart <>
    Signed-off-by: Nick Clemens <>
    (cherry picked from commit d9735ae0d8aff9ca405674df3d2b03183e0883b6)
    Signed-off-by: Fridolin Somers <>
    (cherry picked from commit a69b874ee64737c7bbd59aa739e981b3fe61a944)
    Signed-off-by: Chris Cormack <>

commit 9ae84a513072b742013c391f2e3622c7c3e627f9
Author: Josef Moravec <>
Date:   Sun Dec 3 22:21:57 2017 +0000

    Bug 19738: Fix XSS on vendor name in serials module
    Test plan:
    1) do not apply this patch
    2) Have at least one vendor whose name contains JavaScript, for
    example: <i>Vendor 1</i><script>alert('Hi');</script>
    3) go to serial module and create new subscription
    4) use "Search for vendor"
    5) Search for your vendor, when search results table is presented, the
    javascript is executed
    6) go through subscription creation and save the new subscription
    7) On subscription detail page, the javascript is executed as well
    8) apply this patch
    9) Repeat 3-7, the script is not executed, the input is escaped
    Signed-off-by: Katrin Fischer <>
    Signed-off-by: Marcel de Rooy <>
    Signed-off-by: Fridolin Somers <>
    (cherry picked from commit 8a20bfe5ea8930bc331ad3c6f5f268ee13f8d8a0)
    Signed-off-by: Chris Cormack <>


Summary of changes:
 .../prog/en/modules/admin/              |   20 ++++++++++----------
 .../prog/en/modules/serials/ |    4 ++--
 .../prog/en/modules/serials/ |    2 +-
 3 files changed, 13 insertions(+), 13 deletions(-)

main Koha release repository
koha-commits mailing list
