Bug 13041 - Can't add user as manager of basket if name includes a single quote

If you are trying to add a user as a manager of a basket in acquisitions, a JavaScript error will be triggered if that user has a single quote in their name (e.g. "O'Neil"). This patch corrects the issue by removing the "onclick" attribute and using the JS change made in Bug 16386. Also changed by this patch: Increased the size of the patron search popup and made a correction to some invalid HTML. To test you should have a patron whose name contains a single quote who is also a user with permission to manage acquisitions. - Apply the patch and go to Acquisitions. - Locate an open basket and view the details for that basket. - In the "Managed by" section, click the "Add user" button to trigger the patron search popup. - Search for the patron described above and click the "Add" button. - In the parent window, the patron you chose should have been added to the "Managed by" section. Tested on top of Bug 16383, behaves as expected. Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-04 09:34:46 -04:00 · 2016-05-04 09:34:46 -04:00 · 33bfb17672
commit 33bfb17672
parent 672277197d
3 changed files with 3 additions and 3 deletions
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt
@ -126,7 +126,7 @@
        window.open(
            "/cgi-bin/koha/acqui/add_user_search.pl",
            'UserSearchPopup',
-            'width=740, height=450, scrollbars=yes, toolbar=no,'
+            'width=840, height=500, scrollbars=yes, toolbar=no,'
         );
    }

--- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/tables/members_results.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/tables/members_results.tt
@ -18,7 +18,7 @@
                    [%- IF selection_type == 'select' -%]
                        "<a href=\"#\" style='cursor:pointer' onclick='select_user(\"[% data.borrowernumber %]\", [% To.json(data) | html %] );'>Select</a>"
                    [%- ELSE -%]
-                        "<a href=\"#\" style='cursor:pointer' onclick='add_user(\"[% data.borrowernumber %]\", \"[% data.firstname %] [% data.surname %]\");'>Select</a>"
+                        "<a href=\"#\" data-borrowernumber=\"[% data.borrowernumber %]\" data-firstname=\"[% data.firstname %]\" data-surname=\"[% data.surname %]\" class=\"btn btn-mini add_user\"><i class=\"fa fa-plus\"></i> Add</a>"
                    [%- END -%]
            }[% UNLESS loop.last %],[% END %]
        [% END %]
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/common/patron_search.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/common/patron_search.tt
@ -199,7 +199,7 @@ function filterByFirstLetterSurname(letter) {
                    <input type="submit" value="Search" />
                </fieldset>
            </fieldset>
-        <form>
+        </form>

        [% IF patrons_with_acq_perm_only %]
            <div class="hint">Only staff with superlibrarian or acquisitions permissions (or order_manage permission if granular permissions are enabled) are returned in the search results</div>