Galen Charlton
60983cfeee
kohabug 2026 - HTML-escape comments
...
This is a partial, perhaps temporary fix. "<", ">",
and "&" characters in patron comments (AKA reviews)
are converted to "&lt;", "&gt;", and "&amp;" to avoid
certain attacks, e.g., a user entering a <script> tag
in a comment.
A more permanent fix should scrub all (or perhaps just
unsafe) tags from submitted comments entirely.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-30 21:59:01 -05:00
f3dbe6c27b
Adding tablesorter
...
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-03-18 15:18:51 -05:00
Galen Charlton
c7dea40a16
add Tools breadcrumbs & sidebar to OPAC comment moderation
...
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-02-15 08:24:59 -06:00
Joshua Ferraro
3d1fb4462f
nomenclature improvements, updating README.txt
...
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-22 15:10:32 -06:00
c3ac60db88
More template cleanup, resident search forms, breadcrumbs menus
...
Signed-off-by: Chris Cormack <crc@liblime.com>
2007-09-14 17:47:24 -05:00
c44f56fcac
Moving </head><body> into body of templates so that js and css can be embedded per-page.
...
Signed-off-by: Chris Cormack <crc@liblime.com>
2007-08-30 15:50:54 -05:00
62e94fd1b0
More changes to enable YUI-Grids CSS layout
...
Signed-off-by: Chris Cormack <crc@liblime.com>
2007-08-28 16:50:44 -05:00
Joshua Ferraro
d08387dd28
first go at moving templates to a modules/ dir
...
Signed-off-by: Chris Cormack <crc@liblime.com>
2007-08-23 21:11:27 -05:00