Bug 35072: Fix invalid usage of "&" in JavaScript intranet-tmpl script redirects

These escapes were invalid in these places, as HTML entity escapes
are meant to be used only inside of HTML elements/attributes, not
inside of JavaScript code.

These URLs would be sent out by the browser as-is, and that'd usually
work on the default install only coincidentally. Unfortunately, on some
setups (such as when using reverse proxies), this would break, and the
URL after "&" would have been truncated.

This small patch adjusts the URLs in templates to not use wrong escapes,
and makes them consistent with how URLs are formatted for JavaScript
redirects in most of the templates already.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Michał Kula 2023-10-23 15:51:40 +02:00 committed by Tomas Cohen Arazi
parent a5fc346403
commit da9f74e56a
Signed by: tomascohen
GPG key ID: 0A272EA1B2F3C15F
5 changed files with 8 additions and 8 deletions


@ -54,7 +54,7 @@ function batchModify(){
var bib = $(this).val();
bibs += bib + "/";
});
newloc = "/cgi-bin/koha/tools/batch_record_modification.pl?op=list&amp;bib_list=" + bibs + "&type=biblio";
newloc = "/cgi-bin/koha/tools/batch_record_modification.pl?op=list&bib_list=" + bibs + "&type=biblio";
window.opener.location = newloc;
window.close();
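Review bot: On the new line `bibs` is concatenated into the query string unencoded, so a value from `$(this).val()` containing `&`, `#` or `/` would still split or truncate the URL in the same way the `&amp;` escapes did; encode each value as it is collected, e.g. `bibs += encodeURIComponent(bib) + "/";`. `newloc` is also assigned without `let`/`const`, which makes it an implicit global unless it is declared earlier in batchModify, whose body starts before the hunk; `const newloc = ...` would be the safer form.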


@ -52,7 +52,7 @@ function confirm_deletion(link) {
}
if (is_confirmed) {
$("#deletebiblio").unbind('click');
window.location="/cgi-bin/koha/cataloguing/addbiblio.pl?op=delete&amp;biblionumber=" + biblionumber + (searchid ? "&amp;searchid="+searchid : "");
window.location="/cgi-bin/koha/cataloguing/addbiblio.pl?op=delete&biblionumber=" + biblionumber + (searchid ? "&searchid="+searchid : "");
} else {
return false;
}
@ -67,7 +67,7 @@ function confirm_items_deletion() {
alert(__("%s hold(s) on this record. You must delete all holds before deleting all items.").format(holdcount));
} else if ( count > 0 ) {
if (confirm(__("Are you sure you want to delete the %s attached items?").format(count))) {
window.location="/cgi-bin/koha/cataloguing/additem.pl?op=delallitems&amp;biblionumber=" + biblionumber + (searchid ? "&amp;searchid="+searchid : "");
window.location="/cgi-bin/koha/cataloguing/additem.pl?op=delallitems&biblionumber=" + biblionumber + (searchid ? "&searchid="+searchid : "");
} else {
return false;
}
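Review bot: `biblionumber` and `searchid` are appended to the URL unencoded on the new lines in both confirm_deletion and confirm_items_deletion (the same pattern at `@ -67`), so a `searchid` containing `&`, `#` or `+` would be split or truncated just as the `&amp;` escapes were; wrap each interpolated value, e.g. `(searchid ? "&searchid=" + encodeURIComponent(searchid) : "")`. Where these two values are defined is outside the hunks, so whether they are always plain numerics cannot be confirmed here. Both functions start outside their hunks.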


@ -450,7 +450,7 @@ $(document).ready(function() {
let reserve_id = $(this).data('reserve-id');
let biblionumber = $(this).data('biblionumber');
let suspend_until = $('#suspend_until_' + reserve_id).val();
window.location.href='request.pl?action=toggleSuspend&amp;reserve_id=' + reserve_id + '&amp;biblionumber=' + biblionumber + '&amp;suspend_until=' + suspend_until;
window.location.href='request.pl?action=toggleSuspend&reserve_id=' + reserve_id + '&biblionumber=' + biblionumber + '&suspend_until=' + suspend_until;
return false;
});
});
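Review bot: `suspend_until` is read straight from an input's `.val()` and appended unencoded on the new line, so a typed date containing `+`, `#` or a space would arrive mangled or truncated; use `'&suspend_until=' + encodeURIComponent(suspend_until)`, and encode `reserve_id` and `biblionumber` the same way for consistency. The click handler this line sits in starts outside the hunk.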


@ -145,16 +145,16 @@ function update_child() {
function confirm_reregistration() {
var is_confirmed = window.confirm( __("Are you sure you want to renew this patron's registration?") );
if (is_confirmed) {
window.location = '/cgi-bin/koha/members/setstatus.pl?borrowernumber=' + borrowernumber + '&amp;destination=' + destination + '&amp;reregistration=y';
window.location = '/cgi-bin/koha/members/setstatus.pl?borrowernumber=' + borrowernumber + '&destination=' + destination + '&reregistration=y';
}
}
function export_barcodes() {
window.open('/cgi-bin/koha/members/readingrec.pl?borrowernumber=' + borrowernumber + '&amp;op=export_barcodes');
window.open('/cgi-bin/koha/members/readingrec.pl?borrowernumber=' + borrowernumber + '&op=export_barcodes');
}
var slip_re = /slip/;
function printx_window(print_type) {
var handler = print_type.match(slip_re) ? "printslip" : "summary-print";
window.open("/cgi-bin/koha/members/" + handler + ".pl?borrowernumber=" + borrowernumber + "&amp;print=" + print_type, "printwindow");
window.open("/cgi-bin/koha/members/" + handler + ".pl?borrowernumber=" + borrowernumber + "&print=" + print_type, "printwindow");
return false;
}
function searchToHold(){
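Review bot: `destination` and `print_type` are appended unencoded in confirm_reregistration and printx_window, so a value containing `&` or `#` would still truncate the query string after this fix; use `encodeURIComponent(destination)` and `encodeURIComponent(print_type)`, and `encodeURIComponent(borrowernumber)` in all three functions for consistency. Where `borrowernumber` and `destination` are defined is outside the hunk, so whether they are template-injected constants cannot be confirmed here; searchToHold also continues past the hunk.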


@ -434,7 +434,7 @@ function resultsBatchProcess( op ){
selected.each(function() {
params.push( $(this).val() );
});
url = "/cgi-bin/koha/tools/batch_record_modification.pl?op=list&amp;bib_list=" + params.join("/");
url = "/cgi-bin/koha/tools/batch_record_modification.pl?op=list&bib_list=" + params.join("/");
location.href = url;
}
} else if( op == "delete" ){
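Review bot: `url` is assigned without `let`/`const` on the new line, creating an implicit global unless it is declared earlier in resultsBatchProcess, whose body starts before and ends after the hunk; `const url = ...` is the safer form. The joined `params` values are also concatenated unencoded, so collecting them as `params.push( encodeURIComponent($(this).val()) );` would keep a value containing `&` or `/` from breaking the `bib_list` parameter.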