From 7e21b1fd2d9e72d3b5f94bd111f0f8f2d8d7e104 Mon Sep 17 00:00:00 2001
From: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Date: Wed, 12 Dec 2018 11:05:19 -0300
Subject: [PATCH] Bug 21986: Do not escape quotation marks when cataloguing

In several places we escape quotation marks using
  $value =~ s/"/&quot;/g;
All the occurrences are wrong and must be removed.
Most of them are leftover of bug 11638 (Remove HTML from
addbiblio.pl), which removes the construction of html from pl scripts.

The problem has been highlighted by bug 13618, I did not track down why
the issue did not exist before (?)

Test plan:
0/ Use strings with quotation marks, like:
'Fiddle tune history : "bad" tunes'
You can also use other html characters to make the tests more complete,
like 'Fiddle tune history : <"bad" tunes>'
1/ authorities/authorities.pl
a. Edit an authority filling different fields with quotation marks
b. Edit it again
=> The display (inputs' values) is wrong, if you save the escaped quotes
will be inserted
2/ cataloguing/addbiblio.pl
Same editing a bibliographic record
3/ cataloguing/additem.pl
Same editing items
4/ members/memberentry.pl
Edit a patron's record and fill some fields with quotation marks
+ fields borrowernotes and opacnotes
=> The quotes are inserted directly in DB (escape is done before the
insert!)
5/ opac/opac-review.pl
For QA only: $js_ok_review is never used
6/ tools/batchMod.pl
For QA only: $value is always undefined at that point

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit d561273ef84f4bc2534ac63d0f8793c9eb2a7fb9)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 305729fdc04c723b2eb372441500d3151e1a62d3)

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit e2cfc2615c119252e5c317059312c0d020f2924f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
---
 authorities/authorities.pl | 2 --
 cataloguing/addbiblio.pl   | 2 --
 cataloguing/additem.pl     | 1 -
 members/memberentry.pl     | 1 -
 opac/opac-review.pl        | 3 ---
 tools/batchMod.pl          | 3 +--
 6 files changed, 1 insertion(+), 11 deletions(-)

diff --git a/authorities/authorities.pl b/authorities/authorities.pl
index 7ffb0109ba..18fa5db63a 100755
--- a/authorities/authorities.pl
+++ b/authorities/authorities.pl
@@ -136,8 +136,6 @@ sub create_input {
     
     my $index_subfield = CreateKey(); # create a specifique key for each subfield
 
-    $value =~ s/"/&quot;/g;
-
     # determine maximum length; 9999 bytes per ISO 2709 except for leader and MARC21 008
     my $max_length = 9999;
     if ($tag eq '000') {
diff --git a/cataloguing/addbiblio.pl b/cataloguing/addbiblio.pl
index 6606ac2625..91f6588470 100755
--- a/cataloguing/addbiblio.pl
+++ b/cataloguing/addbiblio.pl
@@ -281,8 +281,6 @@ sub create_input {
     
     my $index_subfield = CreateKey(); # create a specifique key for each subfield
 
-    $value =~ s/"/&quot;/g;
-
     # if there is no value provided but a default value in parameters, get it
     if ( $value eq '' ) {
         $value = $tagslib->{$tag}->{$subfield}->{defaultvalue};
diff --git a/cataloguing/additem.pl b/cataloguing/additem.pl
index 4a043f92d4..2ee414d4ae 100755
--- a/cataloguing/additem.pl
+++ b/cataloguing/additem.pl
@@ -128,7 +128,6 @@ sub generate_subfield_form {
         $subfield_data{repeatable} = $subfieldlib->{repeatable};
         $subfield_data{maxlength}  = $subfieldlib->{maxlength};
         
-        $value =~ s/"/&quot;/g;
         if ( ! defined( $value ) || $value eq '')  {
             $value = $subfieldlib->{defaultvalue};
             # get today date & replace <<YYYY>>, <<MM>>, <<DD>> if provided in the default value
diff --git a/members/memberentry.pl b/members/memberentry.pl
index 0798e1f7a7..77501b59d8 100755
--- a/members/memberentry.pl
+++ b/members/memberentry.pl
@@ -180,7 +180,6 @@ if ( $op eq 'insert' || $op eq 'modify' || $op eq 'save' || $op eq 'duplicate' )
     foreach my $key (@names) {
         if (defined $input->param($key)) {
             $newdata{$key} = $input->param($key);
-            $newdata{$key} =~ s/\"/&quot;/g unless $key eq 'borrowernotes' or $key eq 'opacnote';
         }
     }
 
diff --git a/opac/opac-review.pl b/opac/opac-review.pl
index b4a26beb93..86a9848ba9 100755
--- a/opac/opac-review.pl
+++ b/opac/opac-review.pl
@@ -71,9 +71,6 @@ if( !@errors && defined $review ) {
 			if ($clean ne $review) {
 				push @errors, {scrubbed=>$clean};
 			}
-			my $js_ok_review = $clean;
-			$js_ok_review =~ s/"/&quot;/g;	# probably redundant w/ TMPL ESCAPE=JS
-			$template->param(clean_review=>$js_ok_review);
             if ($savedreview) {
                 $savedreview->set(
                     {
diff --git a/tools/batchMod.pl b/tools/batchMod.pl
index 8c3b9c8b5d..13868fe2a3 100755
--- a/tools/batchMod.pl
+++ b/tools/batchMod.pl
@@ -347,8 +347,7 @@ foreach my $tag (sort keys %{$tagslib}) {
 	$subfield_data{mandatory}  = $tagslib->{$tag}->{$subfield}->{mandatory};
 	$subfield_data{repeatable} = $tagslib->{$tag}->{$subfield}->{repeatable};
 	my ($x,$value);
-	$value =~ s/"/&quot;/g;
-   if ( !$value && $use_default_values) {
+   if ( $use_default_values) {
 	    $value = $tagslib->{$tag}->{$subfield}->{defaultvalue};
 	    # get today date & replace YYYY, MM, DD if provided in the default value
             my $today = dt_from_string;
-- 
2.39.5