Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity

Bug 22781: Test patron's info filtering

Browse source 
The patron's data was not correctly escaped actually.

Test plan:
This is a good value for the whole patchset: <strong>fir's"tname</strong> \123 ❤
use it for a patron's firstname, then do a search

Signed-off-by: Liz Rea <wizzyrea@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This commit is contained in:
Jonathan Druart 2019-05-01 20:29:05 -04:00 committed by Nick Clemens
parent 3a3057545c
commit 35d00030ce
2 changed files with 8 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt
View file

@ -17,7 +17,7 @@
"dt_cardnumber":
"[% data.cardnumber | html | $To %]",
"dt_name":
"<a href=\"/cgi-bin/koha/members/moremember.pl?borrowernumber=[% data.borrowernumber | html %]\" class=\"patron_preview\" data-borrowernumber=\"[% data.borrowernumber | html %]\" style='white-space:nowrap'>[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = To.json(data.firstname) surname = To.json(data.surname) othernames = To.json(data.othernames) invert_name = 1 %]</a><br />[% INCLUDE escape_address data = data %][% IF data.email %]<br/>Email: <a href='mailto:[% data.email | html %]'>[% data.email | html %]</a>[% END %]",
"<a href=\"/cgi-bin/koha/members/moremember.pl?borrowernumber=[% data.borrowernumber | html %]\" class=\"patron_preview\" data-borrowernumber=\"[% data.borrowernumber | html %]\" style='white-space:nowrap'>[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = data.firstname surname = data.surname othernames = data.othernames invert_name = 1 | $To %]</a><br />[% INCLUDE escape_address data = data %][% IF data.email %]<br/>Email: <a href='mailto:[% data.email | html %]'>[% data.email | html %]</a>[% END %]",
"dt_dateofbirth":
"[% data.dateofbirth | $KohaDates %]",
"dt_category":

9
t/db_dependent/selenium/patrons_search.t
View file

@ -40,12 +40,13 @@ my $builder = t::lib::TestBuilder->new;
our @cleanup;
subtest 'Search patrons' => sub {
plan tests => 3;
plan tests => 4;
my @patrons;
my $borrowernotes = q|<strong>just 'a" note</strong> \123 ❤|;
my $borrowernotes_displayed = q|just 'a" note \123 ❤|;
my $branchname = q|<strong>just 'another" library</strong> \123 ❤|;
my $branchname = q|<strong>just 'another" library</strong> \123 ❤|;
my $firstname = q|<strong>fir's"tname</strong> \123 ❤|;
my $patron_category = $builder->build_object(
{ class => 'Koha::Patron::Categories', category_type => 'A' } );
my $library = $builder->build_object(
@ -58,6 +59,7 @@ subtest 'Search patrons' => sub {
class => 'Koha::Patrons',
value => {
surname => "test_patron_" . $i++,
firstname => $firstname,
categorycode => $patron_category->categorycode,
branchcode => $library->branchcode,
borrowernotes => $borrowernotes,
@ -73,6 +75,9 @@ subtest 'Search patrons' => sub {
my $first_patron = $patrons[0];
my @td = $driver->find_elements('//table[@id="memberresultst"]/tbody/tr/td');
like ($td[2]->get_text, qr[\Q$firstname\E],
'Column "Name" should be the 3rd and contain the firstname correctly filtered'
);
is( $td[5]->get_text, $branchname,
'Column "Library" should be the 6th and contain the html tags - they have been html filtered'
);