From b74763da098ffed73228f355316e9e23463c2894 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Wed, 1 May 2019 20:28:04 -0400 Subject: [PATCH] Bug 22781: Escape cardnumber, category's description, library's name and dateexpiry This will fix the previous failure. Note that other fields like borrowernumber, Price escaped values, integers, etc. could be escaped the same way but will be useless (save polar bears). Signed-off-by: Liz Rea Signed-off-by: Katrin Fischer Signed-off-by: Nick Clemens (cherry picked from commit 3a3057545c56f4f1a41fcd7643265204844cd2d3) Signed-off-by: Martin Renvoize --- .../prog/en/modules/members/tables/members_results.tt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt index 662f78bcf9..4b4129e1ea 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt @@ -15,17 +15,17 @@ "", [% END %] "dt_cardnumber": - "[% data.cardnumber | html %]", + "[% data.cardnumber | html | $To %]", "dt_name": "[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = To.json(data.firstname) surname = To.json(data.surname) othernames = To.json(data.othernames) invert_name = 1 %]
[% INCLUDE escape_address data = data %][% IF data.email %]
Email: [% data.email | html %][% END %]", "dt_dateofbirth": "[% data.dateofbirth | $KohaDates %]", "dt_category": - "[% data.category_description | html %] ([% data.category_type | html %])", + "[% data.category_description | html | $To %] ([% data.category_type | html | $To %])", "dt_branch": - "[% data.branchname | html %]", + "[% data.branchname | html | $To %]", "dt_dateexpiry": - "[% data.dateexpiry | html %]", + "[% data.dateexpiry | html | $To %]", "dt_od_checkouts": "[% IF data.overdues %][% data.overdues | html %][% ELSE %][% data.overdues | html %][% END %] / [% data.issues | html %]", "dt_fines": -- 2.39.5
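Review bot: The `dt_name` value still emits `[% data.email | html %]` without the JSON escaping this patch adds to the four neighbouring fields. The `html` filter covers quotes and angle brackets but leaves backslashes and control characters untouched, and an e-mail address is free-text patron data rather than an integer or a formatted date, so one stray backslash can still make the whole search response unparseable. I would change it to `[% data.email | html | $To %]`, matching the lines touched here. The `escape_address` block included on the same line is defined outside this hunk, so it is worth confirming that the address fields it prints are JSON-escaped as well.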