Bug 19560: Correctly escape branchcode in admin/branches.pl

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart 2017-11-29 15:24:40 -03:00
parent 441585a6cc
commit e224182cc3


@ -1,13 +1,13 @@
[% INCLUDE 'doc-head-open.inc' %]
<title>Koha &rsaquo; Administration &rsaquo; Libraries and groups
[% IF op == 'editcategory' %]
&rsaquo;[% IF category.categorycode %]Edit group [% category.categorycode%][% ELSE %]New group[% END %]
&rsaquo; [% IF category.categorycode %] Edit group [% category.categorycode%] [% ELSE %] New group [% END %]
[% ELSIF op == 'delete_confirm_category' %]
&rsaquo; Confirm deletion of group [% category.categorycode %]
[% ELSIF op == 'add_form' %]
&rsaquo;[% IF library %]Modify library[% ELSE %]New library [% library.branchcode %][% END %]
&rsaquo; [% IF library %] Modify library [% library.branchcode | html %] [% ELSE %] New library [% END %]
[% ELSIF op == 'delete_confirm' %]
&rsaquo; Confirm deletion of library '[% library.branchcode %]'
&rsaquo; Confirm deletion of library '[% library.branchcode | html %]'
[% END %]
</title>
[% INCLUDE 'doc-head-close.inc' %]
@ -63,13 +63,13 @@ tinyMCE.init({
&rsaquo; <a href="/cgi-bin/koha/admin/admin-home.pl">Administration</a>
&rsaquo; <a href="/cgi-bin/koha/admin/branches.pl">Libraries and groups</a>
[% IF op == 'add_form_category' %]
&rsaquo; [% IF category.categorycode %]Edit group [% category.categorycode %][% ELSE %]New group[% END %]
&rsaquo; [% IF category.categorycode %] Edit group [% category.categorycode %] [% ELSE %] New group [% END %]
[% ELSIF op == 'delete_confirm_category' %]
&rsaquo; Confirm deletion of group [% category.categorycode %]
[% ELSIF op == 'add_form' %]
&rsaquo; [% IF library %]Modify library[% ELSE %]New library [% library.branchcode %][% END %]
&rsaquo; [% IF library %] Modify library [% library.branchcode | html %] [% ELSE %] New library [% END %]
[% ELSIF op == 'delete_confirm' %]
&rsaquo; Confirm deletion of library '[% library.branchcode %]'
&rsaquo; Confirm deletion of library '[% library.branchcode | html %]'
[% END %]
</div>
@ -143,7 +143,7 @@ tinyMCE.init({
[% IF library %]
<span class="label">Library code: </span>
<input type="hidden" name="branchcode" value="[% library.branchcode |html %]" />
[% library.branchcode %]
[% library.branchcode | html %]
[% ELSE %]
<label for="branchcode" class="required">Library code: </label>
<input type="text" name="branchcode" id="branchcode" size="10" maxlength="10" value="[% library.branchcode |html %]" class="required" required="required" />
@ -205,7 +205,7 @@ tinyMCE.init({
[% IF op == 'delete_confirm' and not ( items_count or patrons_count )%]
<div class="dialog alert">
<form action="/cgi-bin/koha/admin/branches.pl" method="post">
<h3>Are you sure you want to delete [% library.branchname |html %] ([% library.branchcode %])?</h3>
<h3>Are you sure you want to delete [% library.branchname |html %] ([% library.branchcode | html %])?</h3>
<input type="hidden" name="op" value="delete_confirmed" />
<input type="hidden" name="branchcode" value="[% library.branchcode |html %]" />
<input type="hidden" name="branchname" value="[% library.branchname |html %]">
@ -272,8 +272,12 @@ tinyMCE.init({
<td>[% library.marcorgcode %]</td>
<td>[% library.branchip %]</td>
<td class="actions">
<a class="btn btn-default btn-xs" href="/cgi-bin/koha/admin/branches.pl?op=add_form&amp;branchcode=[% library.branchcode %]"><i class="fa fa-pencil"></i> Edit</a>
<a class="btn btn-default btn-xs" href="/cgi-bin/koha/admin/branches.pl?op=delete_confirm&amp;branchcode=[% library.branchcode %]"><i class="fa fa-trash"></i> Delete</a>
<a class="btn btn-default btn-xs" href="/cgi-bin/koha/admin/branches.pl?op=add_form&amp;branchcode=[% library.branchcode |uri %]"><i class="fa fa-pencil"></i> Edit</a>
<form action="/cgi-bin/koha/admin/branches.pl" method="post">
<input type="hidden" name="branchcode" value="[% library.branchcode |html %]" />
<input type="hidden" name="op" value="delete_confirm" />
<button type="submit" class="btn btn-default btn-xs"><i class="fa fa-trash"></i> Delete</button>
</form>
</td>
</tr>
[% END %]
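Review bot: The escaping is applied only to `library.branchcode`, while the same new lines and their immediate context still interpolate `category.categorycode` raw (`Edit group [% category.categorycode%]` in the title and breadcrumb hunks, `Confirm deletion of group [% category.categorycode %]` on the unchanged lines next to them) and the table row at the top of the last hunk still emits `<td>[% library.marcorgcode %]</td>` and `<td>[% library.branchip %]</td>` without a filter. These are admin-entered values of the same kind as branchcode, so for consistency they should become `[% category.categorycode | html %]`, `<td>[% library.marcorgcode | html %]</td>` and `<td>[% library.branchip | html %]</td>`, even though the bug title scopes the change to branchcode. Replacing the delete GET link with a POST form is the right direction, but the new form carries only `branchcode` and `op` hidden fields and no anti-CSRF token; if branches.pl checks one for `delete_confirm`/`delete_confirmed` it must be added here, and if it does not, that is presumably handled elsewhere and worth confirming. A minor style point: the hunks mix `|html`, `| html` and `|uri` spellings of the filter; settling on one form (`| html`) keeps the template easy to grep for unescaped output.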