From e75dc18424ba5905b79dd2c92e91ba2c8f4ecfed Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Wed, 5 Jun 2019 18:40:54 -0500
Subject: [PATCH] Bug 23058: Prevent XSS vulnerabiliies when 'tag' is passed to opac-search
Signed-off-by: Nick Clemens
Signed-off-by: Katrin Fischer
Signed-off-by: Martin Renvoize
---
 opac/opac-search.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/opac/opac-search.pl b/opac/opac-search.pl
index c39ad59b68..84714a6024 100755
--- a/opac/opac-search.pl
+++ b/opac/opac-search.pl
@@ -607,7 +607,7 @@ my $results_hashref;
 my @coins;
 if ($tag) {
- $query_cgi = "tag=" .$tag . "&" . $query_cgi;
+ $query_cgi = "tag=" . uri_escape_utf8( $tag ) . "&" . $query_cgi;
 my $taglist = get_tags({term=>$tag, approved=>1});
 $results_hashref->{biblioserver}->{hits} = scalar (@$taglist);
 my @marclist = map { C4::Biblio::GetXmlBiblio( $_->{biblionumber} ) } @$taglist;
-- 
2.39.2
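Review bot: The new line `$query_cgi = "tag=" . uri_escape_utf8( $tag ) . "&" . $query_cgi;` encodes `$tag` for the URL context at this one concatenation only. Nothing in the hunk shows how `$query_cgi` is encoded when it is later written into the page, so the fix rests on a single call site that a later edit could undo unnoticed. A why-comment above the line would record the intent, for example `# $tag is user-supplied: URL-encode it before it is echoed back in $query_cgi (Bug 23058)`. A regression test that passes a tag containing quote and angle-bracket characters would pin the behaviour. The next line passes the raw `$tag` to `get_tags({term=>$tag, approved=>1})`, which is right for the lookup only if `get_tags` binds the term as a query parameter; its body is not visible here, so that is worth confirming. The `if ($tag)` block continues past the end of the hunk.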