From fac50f8c1a5c1815e0bf5361486423fc95410d0d Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Tue, 8 Mar 2016 14:09:09 +0000 Subject: [PATCH] Bug 15722: Escape patron infos for JSON in patron searches MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit If patron infos contain invalid JSON chars (\t for instance), the results won't appear. The solution is to escape these info. Test plan: Edit patron infos in DB (update borrowers set surname="foobar\t" where borrowernumber=42) Search for foobar (you should have more than 1 result) Without this patch, DT retrieves a bad formatted JSON and the results won't appear. With this patch, the table result appears Signed-off-by: Kyle M Hall Signed-off-by: Katrin Fischer Signed-off-by: Brendan A Gallagher (cherry picked from commit cd20b61a7c845110e518e6dedc12ac50efebe4aa) Signed-off-by: Julian Maurice (cherry picked from commit eba74c8e51a52432362150c38d674f661a6228e8) Signed-off-by: Frédéric Demians --- .../prog/en/modules/acqui/tables/members_results.tt | 2 +- .../prog/en/modules/members/tables/members_results.tt | 2 +- .../prog/en/modules/patroncards/tables/members_results.tt | 2 +- .../prog/en/modules/serials/tables/members_results.tt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/tables/members_results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/tables/members_results.tt index 681f1cd583..ef325f3aa5 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/tables/members_results.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/tables/members_results.tt @@ -9,7 +9,7 @@ "dt_cardnumber": "[% data.cardnumber %]", "dt_name": - "[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = data.firstname surname = data.surname othernames = data.othernames cardnumber = data.cardnumber invert_name = 1%]", + "[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = To.json(data.firstname) surname = To.json(data.surname) othernames = To.json(data.othernames) cardnumber = data.cardnumber invert_name = 1%]", "dt_branch": "[% data.branchname |html %]", "dt_category": diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt index 7d5e9622e1..51828922a7 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt @@ -14,7 +14,7 @@ "dt_cardnumber": "[% data.cardnumber | html %]", "dt_name": - "[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = data.firstname surname = data.surname othernames = data.othernames invert_name = 1 %]
[% INCLUDE escape_address data = data %]", + "[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = To.json(data.firstname) surname = To.json(data.surname) othernames = To.json(data.othernames) invert_name = 1 %]
[% INCLUDE escape_address data = data %]", "dt_category": "[% data.category_description |html %] ([% data.category_type |html %])", "dt_branch": diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/patroncards/tables/members_results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/patroncards/tables/members_results.tt index cbe741ba47..087aa8c705 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/patroncards/tables/members_results.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/patroncards/tables/members_results.tt @@ -9,7 +9,7 @@ "dt_cardnumber": "[% data.cardnumber %]", "dt_name": - "[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = data.firstname surname = data.surname othernames = data.othernames cardnumber = data.cardnumber invert_name = 1%]", + "[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = To.json(data.firstname) surname = To.json(data.surname) othernames = To.json(data.othernames) cardnumber = data.cardnumber invert_name = 1%]", "dt_category": "[% data.category_description |html %] ([% data.category_type |html %])", "dt_branch": diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/serials/tables/members_results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/serials/tables/members_results.tt index 840b391c5f..b5096c6d54 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/serials/tables/members_results.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/serials/tables/members_results.tt @@ -9,7 +9,7 @@ "dt_cardnumber": "[% data.cardnumber %]", "dt_name": - "[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = data.firstname surname = data.surname othernames = data.othernames cardnumber = data.cardnumber invert_name = 1%]", + "[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = To.json(data.firstname) surname = To.jon(data.surname) othernames = To.json(data.othernames) cardnumber = data.cardnumber invert_name = 1%]", "dt_branch": "[% data.branchname |html %]", "dt_action": -- 2.39.5