From dd94d1bc4ca68d8466b4d7fb154c6714a7782b58 Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Thu, 26 May 2016 12:08:30 +0100
Subject: [PATCH] Bug 16599: Fix other potentials XSS for shelfname
Signed-off-by: Chris Cormack
Signed-off-by: Marcel de Rooy
Signed-off-by: Brendan Gallagher
(cherry picked from commit bb4543f7db62836b048c632a0a184acb021286ad)
Signed-off-by: Julian Maurice
---
 .../opac-tmpl/bootstrap/en/modules/opac-downloadshelf.tt | 6 +++---
 .../opac-tmpl/bootstrap/en/modules/opac-results-grouped.tt | 2 +-
 .../opac-tmpl/bootstrap/en/modules/opac-shelves-rss.tt | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-downloadshelf.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-downloadshelf.tt
index 4e4f832493..7824f3140d 100644
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-downloadshelf.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-downloadshelf.tt
@@ -1,7 +1,7 @@
 [% USE Koha %]
 [% IF ( fullpage ) %]
 [% INCLUDE 'doc-head-open.inc' %]
- [% IF ( LibraryNameTitle ) %][% LibraryNameTitle %][% ELSE %]Koha online[% END %] catalog › Download list [% shelf.shelfname %][% INCLUDE 'doc-head-close.inc' %]
+ [% IF ( LibraryNameTitle ) %][% LibraryNameTitle %][% ELSE %]Koha online[% END %] catalog › Download list [% shelf.shelfname | html %][% INCLUDE 'doc-head-close.inc' %]
 [% BLOCK cssinclude %][% END %]
 [% INCLUDE 'bodytag.inc' bodyid='opac-downloadlist' %]
@@ -20,7 +20,7 @@
 [% END %]
-
  • Download list [% shelf.shelfname %]
  • +
  • Download list [% shelf.shelfname | html %]
  • @@ -47,7 +47,7 @@

    Your download should begin automatically.

    [% ELSE %] -

    Download list [% shelf.shelfname %]

    +

    Download list [% shelf.shelfname | html %]

    [% IF Koha.Preference( 'opacbookbag' ) == 1 %][% END %][% IF Koha.Preference( 'virtualshelves' ) == 1 %][% IF ( loggedinusername ) %][% IF ( barshelves ) %][% FOREACH barshelvesloo IN barshelvesloop %][% IF ( category == 1 ) %][% END %][% END %][% END %][% ELSE %][% END %][% END %] "); + $("span.addto").html(" "); $("#addto").change(function(){ cartList(); });
diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves-rss.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves-rss.tt
index 2525d80c0e..5e0183488a 100644
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves-rss.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves-rss.tt
@@ -3,7 +3,7 @@
- [% shelf.shelfname %]
+ [% shelf.shelfname | html %]
 [% OPACBaseURL %]/cgi-bin/koha/opac-shelves.pl?rss=1&viewshelf=[% shelf.shelfnumber %] RSS feed for public list [% shelf.shelfname | html %]
--
2.39.5
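Review bot: In the opac-shelves-rss.tt hunk, `[% shelf.shelfnumber %]` inside the feed `<link>` URL on the context line right after the changed pair is still interpolated with no filter, while both shelfname outputs in the same element set now carry `| html`; if shelfnumber is the integer list id this is harmless today, but `[% shelf.shelfnumber | uri %]` would keep the feed safe regardless of where that value is sourced from and make the hunk consistent with itself. The fix to `<title>` is sound on its own: Template Toolkit's `html` filter escapes `&`, `<`, `>` and `"`, which covers element text in this XML document. The XML tags around these lines were stripped in this rendering, so the `<link>`/`<description>` context appears joined here; the original file keeps them on separate lines.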