From 01b38d3b13f09b927201cba5eb146b6597d4bfeb Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Fri, 23 Jan 2015 13:18:54 +0100
Subject: [PATCH] Bug 13618: Use Template::Stash::AutoEscaping to use the html filter
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Test plan:
0/ sudo cpanm Template::Stash::AutoEscaping
1/ Verify don't reproduce the XSS issue described on bug 13609 and other xss related bugs.
2/ Try to find some encoding issues (detail page, search results, facets, etc.)

Signed-off-by: Signed-off-by: Joonas Kylmälä
Signed-off-by: Bernardo Gonzalez Kriegel
Signed-off-by: Katrin Fischer
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
---
 C4/Installer/PerlDependencies.pm | 5 +++++
 C4/Templates.pm | 2 ++
 .../en/modules/opac-authoritiessearchresultlist.tt | 6 +++---
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/C4/Installer/PerlDependencies.pm b/C4/Installer/PerlDependencies.pm
index d621f3377d..be840776b3 100644
--- a/C4/Installer/PerlDependencies.pm
+++ b/C4/Installer/PerlDependencies.pm
@@ -822,6 +822,11 @@ our $PERL_DEPS = {
 'required' => '0',
 'min_ver' => '0.03',
 },
+ 'Template::Stash::AutoEscaping' => {
+ 'usage' => 'Code',
+ 'required' => '1',
+ 'min_ver' => '0.0303',
+ },
 };
 1;
diff --git a/C4/Templates.pm b/C4/Templates.pm
index 4f23dc700c..052821749b 100644
--- a/C4/Templates.pm
+++ b/C4/Templates.pm
@@ -5,6 +5,7 @@ use warnings;
 use Carp;
 use CGI qw ( -utf8 );
 use List::MoreUtils qw/ any uniq /;
+use Template::Stash::AutoEscaping;
 # Copyright 2009 Chris Cormack and The Koha Dev Team
 #
@@ -69,6 +70,7 @@ sub new {
 COMPILE_DIR => $use_template_cache ? C4::Context->config('template_cache_dir') : '',
 INCLUDE_PATH => \@includes,
 FILTERS => {},
+ STASH => Template::Stash::AutoEscaping->new,
 ENCODING => 'UTF-8',
 }
 ) or die Template->error();
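Review bot: The `STASH => Template::Stash::AutoEscaping->new` line in the second C4/Templates.pm hunk switches on HTML escaping of every stash value at output time, with the constructor left at its defaults and no comment recording it, so a reader of `new` cannot tell from this code what gets escaped or how a template opts out for a value that is legitimately markup. The .tt hunk in the same patch (`[% pagination = BLOCK %]` becoming `[% BLOCK pagination %]`) hints at the reason: a BLOCK captured into a variable is a stash value and is now escaped when printed, and other templates that capture or pre-build HTML the same way will presumably be affected as well, so that pattern is worth grepping for before merge. I would add `# Bug 13618: every stash value is HTML-escaped on output; a template that must emit markup it built itself has to opt out explicitly` above the STASH line, and would note there that HTML escaping does not make a value safe inside a `<script>` block or a URL attribute, where the `uri` filter or a JavaScript-string escape is still required. `sub new` starts and ends outside this hunk.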
diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-authoritiessearchresultlist.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-authoritiessearchresultlist.tt
index 4ebaac6521..6ded40c7c5 100644
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-authoritiessearchresultlist.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-authoritiessearchresultlist.tt
@@ -1,7 +1,7 @@
 [% USE Koha %]
 [% PROCESS 'opac-authorities.inc' %]
 [% PROCESS 'authorities-search-results.inc' %]
-[% pagination = BLOCK %]
+[% BLOCK pagination %]