From 3169434cfa7295025e4ff5fea58f7e9730a96650 Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Tue, 2 Aug 2016 16:03:37 +0100
Subject: [PATCH] Bug 16800: Fix XSS in catalogue/*detail.tt - author
Test plan: catalogue a bibliographic record with a author= Go on the detail pages. => Without this patch you will see the alert => With this patch, no more alert
Signed-off-by: Chris Cormack
Signed-off-by: Katrin Fischer
Signed-off-by: Kyle M Hall
---
koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt | 6 +++---
.../intranet-tmpl/prog/en/modules/catalogue/moredetail.tt | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt
index aaded627df..d53df31f4a 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt
@@ -428,12 +428,12 @@ function verify_images() {
[% END %] [% UNLESS ( item_level_itypes ) %][% translated_description %][% END %] [% IF ( unititle ) %]

[% unititle |html %]

[% END %] - [% IF ( author ) %]

By [% author %]

[% END %] + [% IF ( author ) %]

By [% author | html %]

[% END %]
    [% IF ( MARCAUTHORS ) %]
  • Additional authors:
@@ -1028,7 +1028,7 @@ function verify_images() {
[% FOREACH XISBN IN XISBNS %][% IF ( AmazonCoverImages ) %][% END %] [% UNLESS ( item_level_itypes ) %][% END %] -
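Review bot: The new `By [% author | html %]` line (and the matching `by [% author | html %]` in the moredetail.tt hunk below) spells the filter differently from the neighbouring `[% unititle |html %]`, `[% title |html %]` and `[% subtitl.subfield|html %]` in the same hunks; settling on the form already used in these files (`|html`) keeps a later grep for unfiltered output reliable. The `html` filter escapes `<`, `>`, `&` and `"`, which is adequate while `author` stays in element text content; the surrounding markup has been stripped in this view, so if either template also emits `author` inside an attribute that occurrence needs its own escaping. `[% translated_description %]` on the context line directly above is still interpolated raw; whether it can carry user-supplied data cannot be judged from the hunk, so it is worth a follow-up check rather than a change here.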
    [% IF ( noItemTypeImages ) %][% XISBN.description %][% ELSE %][% XISBN.description %][% END %][% XISBN.title |html %] by [% XISBN.author %] ©[% XISBN.copyrightdate %]
+[% XISBN.title |html %] by [% XISBN.author | html %] ©[% XISBN.copyrightdate %] [% IF ( XISBN.publishercode ) %] [% XISBN.publishercode %] [% IF ( XISBN.place ) %]([% XISBN.place %])[% END %] [% IF ( XISBN.publicationyear ) %], [% XISBN.publicationyear %][% END %] [% IF ( XISBN.editionstatement ) %][% XISBN.editionstatement %][% END %] [% IF ( XISBN.editionresponsability ) %][% XISBN.editionresponsability %][% END %] [% END %]
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/moredetail.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/moredetail.tt
index 26131dec63..2870d955ec 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/moredetail.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/moredetail.tt
@@ -34,7 +34,7 @@
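Review bot: The added line filters `XISBN.title` and `XISBN.author` but leaves `XISBN.copyrightdate` on the same line raw, and the context that follows still emits `XISBN.publishercode`, `XISBN.place`, `XISBN.publicationyear`, `XISBN.editionstatement` and `XISBN.editionresponsability` without any filter; these presumably come from the same catalogue record data as `author`, so the same treatment applies, e.g. `©[% XISBN.copyrightdate | html %]` and `[% XISBN.publishercode | html %]`. `[% XISBN.description %]` in the `noItemTypeImages` branch on the removed line is in the same position. If the commit is deliberately scoped to the author field, a short comment or bug reference noting that the remaining XISBN fields are still unescaped would stop the next reader from assuming this line is now fully covered. The hunk's lines are partly collapsed in this view, so the exact boundary between the removed and added lines is inferred.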

    [% title |html %]

    [% IF ( subtitle ) %]

    [% FOREACH subtitl IN subtitle %] [% subtitl.subfield|html %][% END %]

    [% END %] - [% IF ( author ) %]

    by [% author %]

    [% END %] + [% IF ( author ) %]

    by [% author | html %]

    [% END %]
    1. Biblionumber: [% biblionumber %] 
    2. [% UNLESS ( item_level_itypes ) %]
--
2.39.5