This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository".

The branch, 16.11.x has been updated
       via  a90197ebbb6f946ea4caefd7917fb4ff3ecefaa2 (commit)
       via  9ae84a513072b742013c391f2e3622c7c3e627f9 (commit)
      from  04ced01839f6792fdab1bca5a6327e524ca863ea (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a90197ebbb6f946ea4caefd7917fb4ff3ecefaa2
Author: Jonathan Druart <jonathan.dru...@bugs.koha-community.org>
Date:   Wed Nov 29 15:24:40 2017 -0300

    Bug 19560: Correctly escape branchcode in admin/branches.pl

    Signed-off-by: Owen Leonard <oleon...@myacpl.org>
    Signed-off-by: Josef Moravec <josef.mora...@gmail.com>
    Signed-off-by: Jonathan Druart <jonathan.dru...@bugs.koha-community.org>
    Signed-off-by: Nick Clemens <n...@bywatersolutions.com>
    (cherry picked from commit d9735ae0d8aff9ca405674df3d2b03183e0883b6)
    Signed-off-by: Fridolin Somers <fridolin.som...@biblibre.com>
    (cherry picked from commit a69b874ee64737c7bbd59aa739e981b3fe61a944)
    Signed-off-by: Chris Cormack <chr...@catalyst.net.nz>

commit 9ae84a513072b742013c391f2e3622c7c3e627f9
Author: Josef Moravec <josef.mora...@gmail.com>
Date:   Sun Dec 3 22:21:57 2017 +0000

    Bug 19738: Fix XSS on vendor name in serials module

    Test plan:
    1) do not apply this patch
    2) Have at least one vendor which name does contain javascript, for
       example: <i>Vendor 1</i><script>alert('Hi');</script>
    3) go to serial module and create new subscription
    4) use "Search for vendor"
    5) Search for your vendor, when search results table is presented, the
       javascript is executed
    6) go through subscription creation and save the new subscription
    7) On subscription detail page, the javascript is executed as well
    8) apply this patch
    9) Repeat 3-7, the script is not executed, the input is escaped

    Signed-off-by: Katrin Fischer <katrin.fischer...@web.de>
    Signed-off-by: Marcel de Rooy <m.de.r...@rijksmuseum.nl>
    Signed-off-by: Fridolin Somers <fridolin.som...@biblibre.com>
    (cherry picked from commit 8a20bfe5ea8930bc331ad3c6f5f268ee13f8d8a0)
    Signed-off-by: Chris Cormack <chr...@catalyst.net.nz>

-----------------------------------------------------------------------

Summary of changes:
 .../prog/en/modules/admin/branches.tt              | 20 ++++++++++----------
 .../prog/en/modules/serials/acqui-search-result.tt |  4 ++--
 .../prog/en/modules/serials/subscription-detail.tt |  2 +-
 3 files changed, 13 insertions(+), 13 deletions(-)

hooks/post-receive
--
main Koha release repository
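
An added example, not part of this email or of Koha's code: a small Python check that flags Template Toolkit output directives printed without an escaping filter, which is the kind of `.tt` output the Bug 19738 test plan exercises, together with a mirror of what the stock `html` filter encodes. It assumes the escaping is done with a template filter such as `| html`; the sample template and its variable names are constructed.

```python
import re

# One Template Toolkit directive, with optional chomp flags: [% ... %], [%- ... -%]
DIRECTIVE = re.compile(r"\[%[-+~=]?\s*(.*?)\s*[-+~=]?%\]", re.S)
# Directives starting with these keywords do not print a variable's value.
CONTROL = {"IF", "ELSIF", "ELSE", "UNLESS", "END", "FOREACH", "FOR", "WHILE",
           "SET", "DEFAULT", "USE", "BLOCK", "INCLUDE", "PROCESS", "WRAPPER",
           "SWITCH", "CASE", "FILTER", "MACRO", "CALL", "NEXT", "LAST"}
# Stock Template Toolkit filters that encode for HTML or URL contexts.
ESCAPING = {"html", "html_entity", "xml", "uri", "url"}

def html_filter(text):
    """Mirror of what TT's `html` filter encodes: & < > and double quote."""
    for raw, entity in (("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"), ('"', "&quot;")):
        text = text.replace(raw, entity)
    return text

def unescaped_outputs(template):
    """Return (line, expression) for each output directive with no escaping filter."""
    findings = []
    for m in DIRECTIVE.finditer(template):
        body = m.group(1)
        if not body or body.startswith("#") or body.split()[0] in CONTROL:
            continue                                  # empty, comment or control flow
        if re.match(r"[\w.]+\s*=(?!=)", body):        # assignment, prints nothing
            continue
        # Split on a single '|' (the filter pipe), not on the '||' operator.
        expr, *filters = re.split(r"(?<!\|)\|(?!\|)", body)
        names = {re.match(r"\s*(\w*)", f).group(1) for f in filters}
        if not names & ESCAPING:
            line = template.count("\n", 0, m.start()) + 1
            findings.append((line, expr.strip()))
    return findings

# Constructed template; the variable names are hypothetical, not Koha's.
SAMPLE = """\
[% FOREACH supplier IN suppliers %]
<tr>
  <td>[% supplier.name %]</td>
  <td>[% supplier.name | html %]</td>
  <td><a href="?supplierid=[% supplier.id | uri %]">Choose</a></td>
</tr>
[% END %]
"""

if __name__ == "__main__":
    print(unescaped_outputs(SAMPLE))
    print(html_filter("<i>Vendor 1</i><script>alert('Hi');</script>"))
```

A filter such as `truncate` does not count as escaping, so a directive that uses only non-encoding filters is still reported.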