Bug 21986: Do not escape quotation marks when cataloguing
In several places we escape quotation marks using $value =~ s/"/"/g; All the occurrences are wrong and must be removed. Most of them are leftover of bug 11638 (Remove HTML from addbiblio.pl), which removes the construction of html from pl scripts. The problem has been highlighted by bug 13618, I did not track down why the issue did not exist before (?) Test plan: 0/ Use strings with quotation marks, like: 'Fiddle tune history : "bad" tunes' You can also use other html characters to make the tests more complete, like 'Fiddle tune history : <"bad" tunes>' 1/ authorities/authorities.pl a. Edit an authority filling different fields with quotation marks b. Edit it again => The display (inputs' values) is wrong, if you save the escaped quotes will be inserted 2/ cataloguing/addbiblio.pl Same editing a bibliographic record 3/ cataloguing/additem.pl Same editing items 4/ members/memberentry.pl Edit a patron's record and fill some fields with quotation marks + fields borrowernotes and opacnotes => The quotes are inserted directly in DB (escape is done before the insert!) 5/ opac/opac-review.pl For QA only: $js_ok_review is never used 6/ tools/batchMod.pl For QA only: $value is always undefined at that point Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This commit is contained in:
parent
cade3103ec
commit
d561273ef8
6 changed files with 3 additions and 14 deletions
|
|
@ -136,8 +136,6 @@ sub create_input {
|
|||
|
||||
my $index_subfield = CreateKey(); # create a specifique key for each subfield
|
||||
|
||||
$value =~ s/"/"/g;
|
||||
|
||||
# determine maximum length; 9999 bytes per ISO 2709 except for leader and MARC21 008
|
||||
my $max_length = 9999;
|
||||
if ($tag eq '000') {
|
||||
|
|
|
|||
|
|
@ -275,8 +275,6 @@ sub create_input {
|
|||
|
||||
my $index_subfield = CreateKey(); # create a specifique key for each subfield
|
||||
|
||||
$value =~ s/"/"/g;
|
||||
|
||||
# if there is no value provided but a default value in parameters, get it
|
||||
if ( $value eq '' ) {
|
||||
$value = $tagslib->{$tag}->{$subfield}->{defaultvalue} // q{};
|
||||
|
|
|
|||
|
|
@ -143,12 +143,10 @@ sub generate_subfield_form {
|
|||
my $username=(C4::Context->userenv?C4::Context->userenv->{'surname'}:"superlibrarian");
|
||||
$value=~s/<<USER>>/$username/g;
|
||||
}
|
||||
} else {
|
||||
$value =~ s/"/"/g;
|
||||
}
|
||||
|
||||
|
||||
$subfield_data{visibility} = "display:none;" if (($subfieldlib->{hidden} > 4) || ($subfieldlib->{hidden} <= -4));
|
||||
|
||||
|
||||
my $pref_itemcallnumber = C4::Context->preference('itemcallnumber');
|
||||
if (!$value && $subfieldlib->{kohafield} eq 'items.itemcallnumber' && $pref_itemcallnumber) {
|
||||
my $CNtag = substr($pref_itemcallnumber, 0, 3);
|
||||
|
|
|
|||
|
|
@ -178,7 +178,6 @@ if ( $op eq 'insert' || $op eq 'modify' || $op eq 'save' || $op eq 'duplicate' )
|
|||
foreach my $key (@names) {
|
||||
if (defined $input->param($key)) {
|
||||
$newdata{$key} = $input->param($key);
|
||||
$newdata{$key} =~ s/\"/"/g unless $key eq 'borrowernotes' or $key eq 'opacnote';
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -71,9 +71,6 @@ if( !@errors && defined $review ) {
|
|||
if ($clean ne $review) {
|
||||
push @errors, {scrubbed=>$clean};
|
||||
}
|
||||
my $js_ok_review = $clean;
|
||||
$js_ok_review =~ s/"/"/g; # probably redundant w/ TMPL ESCAPE=JS
|
||||
$template->param(clean_review=>$js_ok_review);
|
||||
if ($savedreview) {
|
||||
$savedreview->set(
|
||||
{
|
||||
|
|
|
|||
|
|
@ -331,8 +331,7 @@ foreach my $tag (sort keys %{$tagslib}) {
|
|||
$subfield_data{mandatory} = $tagslib->{$tag}->{$subfield}->{mandatory};
|
||||
$subfield_data{repeatable} = $tagslib->{$tag}->{$subfield}->{repeatable};
|
||||
my ($x,$value);
|
||||
$value =~ s/"/"/g;
|
||||
if ( !$value && $use_default_values) {
|
||||
if ( $use_default_values) {
|
||||
$value = $tagslib->{$tag}->{$subfield}->{defaultvalue};
|
||||
# get today date & replace YYYY, MM, DD if provided in the default value
|
||||
my $today = dt_from_string;
|
||||
|
|
|
|||
Loading…
Reference in a new issue