Signed-off-by: Maxime Dufresne <maxime.dufresne@inlibro.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Ho, another bug!
The email was not correctly filtered.
Test plan:
Use the evil string for an email, do a search.
=> Notice that without this patch the results never show up
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Ho, a bug!
Some fields in the address were double filtered.
Test plan:
Use the evil strings in the address field and do a search, you will see
double html encoded characters without this patch.
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The patron's data was not correctly escaped actually.
Test plan:
This is a good value for the whole patchset: <strong>fir's"tname</strong> \123 ❤
use it for a patron's firstname, then do a search
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Test plan:
Apply only this patch
=> The tests will fail, the library's name is not correctly escaped.
Note:
This applies for the whole patchset, when the tests fail you will need
to remove the patrons added by the tests with the following SQL query:
delete from borrowers where surname like "test_patron_%";
We are expecting END to be called even if something goes wrong, but
DESTROY must be used instead. This will be fixed separately, on its own
bug report.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>