Koha/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt
Jonathan Druart cd20b61a7c Bug 15722: Escape patron infos for JSON in patron searches
If patron infos contain invalid JSON chars (\t for instance), the
results won't appear.
The solution is to escape these info.

Test plan:
Edit patron infos in DB (update borrowers set surname="foobar\t" where
borrowernumber=42)
Search for foobar (you should have more than 1 result)
Without this patch, DT retrieves a bad formatted JSON and the results
won't appear.
With this patch, the table result appears

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 16:14:31 +00:00

47 lines
2.7 KiB
Text

[% USE To %]
[% USE AuthorisedValues %]
[% USE KohaDates %]
{
"sEcho": [% sEcho %],
"iTotalRecords": [% iTotalRecords %],
"iTotalDisplayRecords": [% iTotalDisplayRecords %],
"aaData": [
[% FOREACH data IN aaData %]
{
[% IF CAN_user_tools_manage_patron_lists %]
"dt_borrowernumber":
"<input type='checkbox' class='selection' name='borrowernumber' value='[% data.borrowernumber %]' />",
[% END %]
"dt_cardnumber":
"[% data.cardnumber | html %]",
"dt_name":
"<span style='white-space:nowrap'><a href='/cgi-bin/koha/members/moremember.pl?borrowernumber=[% data.borrowernumber %]'>[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = To.json(data.firstname) surname = To.json(data.surname) othernames = To.json(data.othernames) invert_name = 1 %]</a><br />[% INCLUDE escape_address data = data %]</span>",
"dt_dateofbirth":
"[% data.dateofbirth | $KohaDates %]",
"dt_category":
"[% data.category_description |html %] ([% data.category_type |html %])",
"dt_branch":
"[% data.branchname |html %]",
"dt_dateexpiry":
"[% data.dateexpiry %]",
"dt_od_checkouts":
"[% IF data.overdues %]<span class='overdue'><strong>[% data.overdues %]</strong></span>[% ELSE %][% data.overdues %][% END %] / [% data.issues %]",
"dt_fines":
"<span style='text-align: right; display: block;'>[% IF data.fines < 0 %]<span class='credit'>[% data.fines |html %]</span> [% ELSIF data.fines > 0 %] <span class='debit'><strong>[% data.fines |html %]</strong></span> [% ELSE %] [% data.fines |html%] [% END %]</span>",
"dt_borrowernotes":
"[% data.borrowernotes.replace('\\\\' , '\\\\') |html |html_line_break |collapse %]",
"dt_action":
"<a href='/cgi-bin/koha/members/memberentry.pl?op=modify&amp;destination=circ&amp;borrowernumber=[% data.borrowernumber %]'>Edit</a>",
"borrowernumber":
"[% data.borrowernumber %]"
}[% UNLESS loop.last %],[% END %]
[% END %]
]
}
[% BLOCK escape_address %]
[%~ SET address = data.streetnumber _ ' ' %]
[%~ IF data.streettype %][% address = address _ AuthorisedValues.GetByCode( 'ROADTYPE', data.streettype ) _ ' ' %][% END %]
[%~ IF data.address %][% address = address _ data.address _ ' ' %][% END %]
[%~ IF data.address2 %][% address = address _ data.address2 _ ' ' %][% END %]
[%~ To.json( address ) ~%]
[% END %]