Jonathan Druart
1d0d5f1398
There are certainly hundred of places where they are not escaped...
Test plan:
Create a patron with "Arun <script>alert('code injection');</script>" in
some of the fields.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
27 lines
1.2 KiB
PHP
27 lines
1.2 KiB
PHP
[%- IF ( borrower.borrowernumber ) %]
|
|
[%- IF borrower.category_type == 'I' %]
|
|
[%- borrower.surname | html %] [% IF borrower.othernames %] ([% borrower.othernames | html %]) [% END %]
|
|
[%- ELSE %]
|
|
[%- IF invert_name %]
|
|
[%- borrower.surname | html %], [% borrower.firstname | html %] [% IF borrower.othernames %] ([% borrower.othernames | html %]) [% END %]
|
|
[%- ELSE %]
|
|
[%- borrower.firstname | html %] [% IF borrower.othernames %] ([% borrower.othernames | html %]) [% END %] [% borrower.surname | html %]
|
|
[%- END -%]
|
|
[%- END -%]
|
|
[%- IF ( borrower.cardnumber ) -%]
|
|
([% borrower.cardnumber | html %])
|
|
[%- END %]
|
|
[%- ELSIF ( borrowernumber ) %]
|
|
[%- IF category_type == 'I' %]
|
|
[%- surname | html %] [% IF othernames %] ([% othernames | html %]) [% END %]
|
|
[%- ELSE %]
|
|
[%- IF invert_name %]
|
|
[%- surname | html %], [% firstname | html %] [% IF othernames %] ([% othernames | html %]) [% END %]
|
|
[%- ELSE %]
|
|
[%- firstname | html %] [% IF othernames %] ([% othernames | html %]) [% END %] [% surname | html %]
|
|
[%- END %]
|
|
[%- END -%]
|
|
[%- IF ( cardnumber ) -%]
|
|
([% cardnumber | html %])
|
|
[%- END %]
|
|
[%- END -%]
|