From aa28f0833fd525b6918f333440fbde23a2efc39d Mon Sep 17 00:00:00 2001
From: Tomas Cohen Arazi <tomascohen@theke.io>
Date: Mon, 7 Aug 2017 11:27:33 -0300
Subject: [PATCH] Bug 19034: (followup) Fix letters.tt XSS flaw

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit d7ffd52dfd46190e630c1f25738e77d8d6ebebc8)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
---
 koha-tmpl/intranet-tmpl/prog/en/modules/tools/letter.tt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/letter.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/letter.tt
index 441b0ed75e..0b5e6223e5 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/letter.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/letter.tt
@@ -187,7 +187,7 @@ $(document).ready(function() {
     </form>
 
 		[% IF ( search ) %]
-        <p>You searched for <b>[% searchfield %]</b></p>
+        <p>You searched for <b>[% searchfield | html %]</b></p>
 		[% END %]
 		[% IF ( letter && !independant_branch) %]
             [% select_for_copy = BLOCK %]
-- 
2.39.2