From 4ab091d3bfd2c6659320cbe80d35b805cff3aa4e Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Tue, 2 Aug 2016 16:03:37 +0100 Subject: [PATCH] Bug 16800: Fix XSS in catalogue/*detail.tt - author MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Test plan: catalogue a bibliographic record with a author= Go on the detail pages. => Without this patch you will see the alert => With this patch, no more alert Signed-off-by: Chris Cormack Signed-off-by: Katrin Fischer Signed-off-by: Kyle M Hall (cherry picked from commit 3169434cfa7295025e4ff5fea58f7e9730a96650) Signed-off-by: Frédéric Demians
---
 koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt | 6 +++---
 .../intranet-tmpl/prog/en/modules/catalogue/moredetail.tt | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt
index 8dd72cf8e6..886aabec52 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt
@@ -407,12 +407,12 @@ function verify_images() { [% END %] [% UNLESS ( item_level_itypes ) %][% translated_description %][% END %] [% IF ( unititle ) %]

[% unititle |html %]

[% END %] - [% IF ( author ) %]

By [% author %]

[% END %] + [% IF ( author ) %]

By [% author | html %]

[% END %]
    [% IF ( MARCAUTHORS ) %]
  • Additional authors:
@@ -988,7 +988,7 @@ function verify_images() { [% FOREACH XISBN IN XISBNS %][% IF ( AmazonCoverImages ) %][% END %] [% UNLESS ( item_level_itypes ) %][% END %] -
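Review bot: The added line spells the filter `| html` while the existing `[% unititle |html %]` two context lines above it in this hunk uses `|html`; Template Toolkit accepts both, but a mixed spelling makes it harder to audit the template for unfiltered output with a simple search. I would align the new line with the file's existing form, `By [% author |html %]`. The same applies to the added lines in the second detail.tt hunk and in the moredetail.tt hunk.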
    [% IF ( noItemTypeImages ) %][% XISBN.description %][% ELSE %][% XISBN.description %][% END %][% XISBN.title |html %] by [% XISBN.author %] ©[% XISBN.copyrightdate %]
+[% XISBN.title |html %] by [% XISBN.author | html %] ©[% XISBN.copyrightdate %] [% IF ( XISBN.publishercode ) %] [% XISBN.publishercode %] [% IF ( XISBN.place ) %]([% XISBN.place %])[% END %] [% IF ( XISBN.publicationyear ) %], [% XISBN.publicationyear %][% END %] [% IF ( XISBN.editionstatement ) %][% XISBN.editionstatement %][% END %] [% IF ( XISBN.editionresponsability ) %][% XISBN.editionresponsability %][% END %] [% END %]
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/moredetail.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/moredetail.tt
index 2a622136ef..4e6945720f 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/moredetail.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/moredetail.tt
@@ -33,7 +33,7 @@
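Review bot: The added line still emits `[% XISBN.copyrightdate %]` unfiltered immediately after the author it now escapes, and the new-side context in this hunk prints `XISBN.publishercode`, `XISBN.place`, `XISBN.publicationyear`, `XISBN.editionstatement` and `XISBN.editionresponsability` without a filter as well. These appear to come from the same bibliographic record as `XISBN.author`, so the escaping this commit adds is only partial for the XISBN block. I would change the end of the added line to `©[% XISBN.copyrightdate | html %]` and apply the same filter to the other XISBN fields inside the `[% FOREACH XISBN IN XISBNS %]` loop.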

    [% title |html %]

    [% IF ( subtitle ) %]

    [% FOREACH subtitl IN subtitle %] [% subtitl.subfield|html %][% END %]

    [% END %] - [% IF ( author ) %]

    by [% author %]

    [% END %] + [% IF ( author ) %]

    by [% author | html %]

    [% END %]
    1. Biblionumber: [% biblionumber %] 
    2. [% UNLESS ( item_level_itypes ) %] -- 2.39.5