From 2b04c1bcf53a39d03c03b91b27c78799ed831a87 Mon Sep 17 00:00:00 2001 From: Tomas Cohen Arazi Date: Thu, 7 Jan 2021 16:45:36 -0300 Subject: [PATCH] Bug 20212: (QA follow-up) Fix escaping Signed-off-by: Tomas Cohen Arazi Signed-off-by: Andrew Fuerste-Henry Signed-off-by: Martin Renvoize Signed-off-by: Jonathan Druart --- .../intranet-tmpl/prog/en/modules/acqui/parcel.tt | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/parcel.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/parcel.tt index 96a78dc4e3..b8f8d83296 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/parcel.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/parcel.tt @@ -560,7 +560,7 @@ "orderable": true, "render": function(data, type, row, meta) { if (type != 'display') return data; - return "" + data + " (" + row.basket.basket_id + ")"; + return "" + data.escapeHtml() + " (" + row.basket.basket_id.escapeHtml() + ")"; } }, { "data": "basket.basket_group.name", @@ -579,9 +579,9 @@ } else { return "" - + row.basket.basket_group.name + " (" + row.basket.basket_group_id + ")"; + + encodeURIComponent(row.basket.vendor_id) + "&basketgroupid=" + + encodeURIComponent(row.basket.basket_group_id) + "\">" + + row.basket.basket_group.name.escapeHtml() + " (" + row.basket.basket_group_id.escapeHtml() + ")"; } } }, @@ -589,7 +589,7 @@ "data": "order_id", "render": function(data, type, row, meta) { if (type != 'display') return data; - return ""+data+""; + return ""+data.escapeHtml()+""; } }, { @@ -646,7 +646,7 @@ + encodeURIComponent(suggestion.suggestionid) + '&op=show">' + suggested_by.join(", ") - + " (#" + suggestions[0].suggestionid + ")"; // FIXME: could be changed if we allow matching multiple suggestions + + " (#" + suggestions[0].suggestionid.escapeHtml() + ")"; // FIXME: could be changed if we allow matching multiple suggestions } } result += '
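Review bot: The new `.escapeHtml()` calls are made directly on `row.basket.basket_id` in the first hunk, and on `row.basket.basket_group_id`, on `data` for the `order_id` column and on `suggestions[0].suggestionid` in the later hunks. These look like identifiers, and if the API delivers them as JSON numbers the call will throw inside `render`, assuming `escapeHtml` is a String-only helper (its definition is not shown on this page). A null `data` for the basket name would fail the same way. Coercing first, for example `String(row.basket.basket_id).escapeHtml()`, keeps the escaping and stops a non-string value from breaking the table. The render functions start outside the hunks, so any earlier type or null guard is not visible here.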

'; -- 2.39.5
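Review bot: `suggested_by.join(", ")` is still concatenated into the link text unescaped in the last hunk, while the commit escapes only `suggestions[0].suggestionid` on the following line. The entries of `suggested_by` are built outside this hunk, so they may already be escaped there. If they are not, they are presumably the patron-derived part of this string and the more important value to encode, e.g. `suggested_by.map(function(s) { return s.escapeHtml(); }).join(", ")`. The href uses `suggestion.suggestionid` but the label uses `suggestions[0].suggestionid`, so it is worth confirming both refer to the same record.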