bfbba2339f
To Test
1. Hit the page /cgi-bin/koha/admin/items_search_fields.pl
2. Add a text in the field Name and Label that contains js
3. Save the page.
4. Notice js is executed
5. Apply patch and reload, the js is escaped

Fixed for new and edit page

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
42 lines
1.5 KiB
Text
[% USE AuthorisedValues %]
[% INCLUDE 'doc-head-open.inc' %]
<title>Koha › Administration › Item search fields</title>
[% INCLUDE 'doc-head-close.inc' %]
</head>
<body id="admin_itemssearchfields" class="admin">
[% INCLUDE 'header.inc' %]
[% INCLUDE 'prefs-admin-search.inc' %]
<div id="breadcrumbs">
<a href="/cgi-bin/koha/mainpage.pl">Home</a> ›
<a href="/cgi-bin/koha/admin/admin-home.pl">Administration</a> ›
<a href="/cgi-bin/koha/admin/items_search_fields.pl">Item search fields</a> ›
[% field.name |html %]
</div>

<div id="doc3" class="yui-t2">
<div id="bd">
<div id="yui-main">
<div class="yui-b">
<h1>Item search field: [% field.label |html %]</h1>

<form action="/cgi-bin/koha/admin/items_search_field.pl" method="POST" class="validated">
<fieldset class="rows">
<legend>Edit field</legend>
[% INCLUDE 'admin-items-search-field-form.inc' field=field %]
<div>
<input type="hidden" name="op" value="mod" />
</div>
</fieldset>
<fieldset class="action">
<input type="submit" value="Submit" />
<a class="cancel" href="/cgi-bin/koha/admin/items_search_fields.pl">Cancel</a>
</fieldset>
</form>
</div>
</div>
<div class="yui-b">
[% INCLUDE 'admin-menu.inc' %]
</div>
</div>

[% INCLUDE 'intranet-bottom.inc' %]
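The fix in this template is the `|html` filter on `field.name` and `field.label`. As an added example (not Koha's own code), the following Python check lists Template Toolkit output directives that print a variable with no escaping filter, which is how the same omission can be caught in other templates. The `unfiltered_outputs` name, the set of filters treated as escaping, and the `UNFILTERED` sample (the pre-patch file is not shown on this page) are assumptions made for the example.

```python
import re

# A Template Toolkit directive: [% ... %], with optional chomp flags (- + ~ =).
DIRECTIVE = re.compile(r"\[%[-+~=]?\s*(.*?)\s*[-+~=]?%\]", re.S)
# Directives that do not print a variable (control flow, includes, plugins).
KEYWORDS = {
    "USE", "INCLUDE", "PROCESS", "INSERT", "WRAPPER", "BLOCK", "MACRO",
    "IF", "ELSIF", "ELSE", "UNLESS", "SWITCH", "CASE", "END",
    "FOREACH", "FOR", "WHILE", "NEXT", "LAST", "SET", "DEFAULT", "CALL",
    "FILTER", "TRY", "CATCH", "THROW", "FINAL", "RETURN", "STOP", "META",
}
# Assumption: these standard TT filters count as escaping for the output context.
ESCAPING = {"html", "html_entity", "xml", "uri", "url"}

def unfiltered_outputs(template):
    """Return (line, expression) for every printed variable lacking an escaping filter."""
    findings = []
    for m in DIRECTIVE.finditer(template):
        body = m.group(1)
        if not body or body.startswith("#"):       # empty tag or TT comment
            continue
        if body.split()[0] in KEYWORDS:            # INCLUDE, USE, IF, END, ...
            continue
        if re.match(r"[\w.$]+\s*=(?!=)", body):    # assignment, nothing is printed
            continue
        # Split on a single "|" or the FILTER keyword; "||" is the OR operator.
        parts = re.split(r"(?<!\|)\|(?!\|)|\bFILTER\b", body)
        filters = {p.strip().split("(")[0].strip() for p in parts[1:]}
        if not filters & ESCAPING:
            line = template.count("\n", 0, m.start()) + 1
            findings.append((line, parts[0].strip()))
    return findings

# Lines taken from the template on this page (patched form).
PATCHED = """[% USE AuthorisedValues %]
[% INCLUDE 'doc-head-open.inc' %]
[% field.name |html %]
<h1>Item search field: [% field.label |html %]</h1>
[% INCLUDE 'admin-items-search-field-form.inc' field=field %]
"""
# Constructed sample: the same lines with the filter removed.
UNFILTERED = PATCHED.replace(" |html", "")

if __name__ == "__main__":
    for line, expr in unfiltered_outputs(UNFILTERED):
        print(f"line {line}: [% {expr} %] is printed without an escaping filter")
```

A finding is a prompt for review, not proof of a bug: the right filter depends on where the value lands (HTML body, attribute, URL), and some values are emitted raw on purpose.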