From 7fbce0b177b1b1a19cf11d51896e5b35abef8c4c Mon Sep 17 00:00:00 2001
From: Nick Clemens <nick@bywatersolutions.com>
Date: Tue, 26 Apr 2022 10:56:52 +0000
Subject: [PATCH] Bug 27546: (follow-up) Escape new search string

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
---
 koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt
index ff13b58d3e..1740b823fb 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt
@@ -776,7 +776,7 @@
             e.preventDefault();
             var index = $("#refine_search #idx").val() || "";
             if( index){index += ":";}
-            window.location.href = "/cgi-bin/koha/catalogue/search.pl?[% query_cgi | $raw %]&[% limit_cgi | $raw %]&[% sort_cgi | $raw %]&limit="+index+$("#refiner").val();
+            window.location.href = "/cgi-bin/koha/catalogue/search.pl?[% query_cgi | $raw %]&[% limit_cgi | $raw %]&[% sort_cgi | $raw %]&limit="+index+escape_str( $("#refiner").val() );
         });
     </script>
     [% Asset.js("js/pages/results.js") | $raw %]
-- 
2.39.2