From 10c154353f78c942647fae4fbadccc555fbea3a3 Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Thu, 19 Jul 2018 17:36:29 -0300
Subject: [PATCH] Bug 13618: Remove html filters for HtmlTags

We will have to make sure this filter (HtmlTags) is not used with unsafe variables.
Generated by:
perl -p -i -e 's/HtmlTags tag([^\|]*)\| html -%]/HtmlTags tag\1-%]/g' **/*.tt **/*.inc
perl -p -i -e 's/HtmlTags tag([^\|]*)\| html %]/HtmlTags tag\1%]/g' **/*.tt **/*.inc
Signed-off-by: Owen Leonard
Signed-off-by: Martin Renvoize
Signed-off-by: Nick Clemens
---
.../intranet-tmpl/prog/en/modules/about.tt | 10 ++++-----
.../prog/en/modules/admin/currency.tt | 6 ++---
.../prog/en/modules/installer/step2.tt | 22 +++++++++----------
3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/about.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/about.tt
index 3497607674..cd7ace5d2f 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/about.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/about.tt
@@ -202,27 +202,27 @@

Problems found

[% IF ai_patrons %]

Patrons

-

The following ids exist in both tables [% "borrowers" | $HtmlTags tag="strong" | html %] and [% "deletedborrowers" | $HtmlTags tag="strong" | html %]:

+

The following ids exist in both tables [% "borrowers" | $HtmlTags tag="strong" %] and [% "deletedborrowers" | $HtmlTags tag="strong" %]:

[% FOR p IN ai_patrons %][% p.borrowernumber | html %][% UNLESS loop.last %], [% END %][% END %]

[% END %] [% IF ai_biblios %]

Biblios

-

The following ids exist in both tables [% "biblio" | $HtmlTags tag="strong" | html %] and [% "deletedbiblio" | $HtmlTags tag="strong" | html %]:

+

The following ids exist in both tables [% "biblio" | $HtmlTags tag="strong" %] and [% "deletedbiblio" | $HtmlTags tag="strong" %]:

[% FOR b IN ai_biblios %][% b.biblionumber | html %][% UNLESS loop.last %], [% END %][% END %]

[% END %] [% IF ai_items %]

Items

-

The following ids exist in both tables [% "items" | $HtmlTags tag="strong" | html %] and [% "deleteditems" | $HtmlTags tag="strong" | html %]:

+

The following ids exist in both tables [% "items" | $HtmlTags tag="strong" %] and [% "deleteditems" | $HtmlTags tag="strong" %]:

[% FOR i IN ai_items %][% i.itemnumber | html %][% UNLESS loop.last %], [% END %][% END %]

[% END %] [% IF ai_checkouts %]

Checkouts

-

The following ids exist in both tables [% "issues" | $HtmlTags tag="strong" | html %] and [% "old_issues" | $HtmlTags tag="strong" | html %]:

+

The following ids exist in both tables [% "issues" | $HtmlTags tag="strong" %] and [% "old_issues" | $HtmlTags tag="strong" %]:

[% FOR c IN ai_checkouts %][% c.issue_id | html %][% UNLESS loop.last %], [% END %][% END %]

[% END %] [% IF ai_holds %]

Holds

-

The following ids exist in both tables [% "holds" | $HtmlTags tag="strong" | html %] and [% "old_reserves" | $HtmlTags tag="strong" | html %]:

+

The following ids exist in both tables [% "holds" | $HtmlTags tag="strong" %] and [% "old_reserves" | $HtmlTags tag="strong" %]:

[% FOR h IN ai_holds %][% h.reserve_id | html %][% UNLESS loop.last %], [% END %][% END %]

[% END %]
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/currency.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/currency.tt index 0b77dd22da..8de52996d2 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/currency.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/currency.tt @@ -18,7 +18,7 @@ [% INCLUDE 'currencies-admin-search.inc' %] @@ -126,7 +126,7 @@ [% IF op =='delete_confirm' %] [% IF nb_of_orders or nb_of_vendors %]
-

Cannot delete currency [% currency.currency | $HtmlTags tag='span' attributes=>'class="ex"' | html %]

+

Cannot delete currency [% currency.currency | $HtmlTags tag='span' attributes=>'class="ex"' %]

[% IF nb_of_orders %] This currency is used by [% nb_of_orders | html %] orders. @@ -141,7 +141,7 @@
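Review bot: `currency.currency` in the "Cannot delete currency" line is a stored value, and with the trailing `| html` gone it is emitted with no escaping at all unless the HtmlTags plugin escapes its input, which this patch does not show. Dropping the trailing filter is right, since it was escaping the generated wrapper element itself, but the escape should move in front of the wrapper rather than disappear: `[% currency.currency | html | $HtmlTags tag='span' attributes=>'class="ex"' %]`. The same applies to the "Confirm deletion" line in the @@ -141,7 hunk and to `dbms`, `dbname`, `hostname`, `port` and `user` in the installer/step2.tt hunks at @@ -12,11 and @@ -25,14. The string literals piped through HtmlTags in about.tt and in the @@ -50,7 hunk are not affected. Escaping before the wrapper would enforce the commit message's caveat about unsafe variables in the templates themselves instead of leaving it to convention.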

[% ELSE %]
-

Confirm deletion of currency [% currency.currency | $HtmlTags tag='span' attributes=>'class="ex"' | html %]

+

Confirm deletion of currency [% currency.currency | $HtmlTags tag='span' attributes=>'class="ex"' %]

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/installer/step2.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/installer/step2.tt index f2c64c85f1..ec785a9546 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/installer/step2.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/installer/step2.tt @@ -12,11 +12,11 @@

Web installer › Database settings

Database settings:

    -
  • Database type: [%- dbms | $HtmlTags tag=>'code' | html -%]
  • -
  • Database name: [%- dbname | $HtmlTags tag=>'code' | html -%]
  • -
  • Database host: [%- hostname | $HtmlTags tag=>'code' | html -%]
  • -
  • Database port: [%- port| $HtmlTags tag=>'code' | html -%] (probably okay if blank)
  • -
  • Database user: [%- user | $HtmlTags tag=>'code' | html -%]
  • +
  • Database type: [%- dbms | $HtmlTags tag=>'code' -%]
  • +
  • Database name: [%- dbname | $HtmlTags tag=>'code' -%]
  • +
  • Database host: [%- hostname | $HtmlTags tag=>'code' -%]
  • +
  • Database port: [%- port| $HtmlTags tag=>'code' -%] (probably okay if blank)
  • +
  • Database user: [%- user | $HtmlTags tag=>'code' -%]
[% IF ( dbconnection ) %] @@ -25,14 +25,14 @@ [% IF ( checkdatabasecreated ) %]
    -
  • Database [% dbname | $HtmlTags tag=>'code' | html %] exists.
  • +
  • Database [% dbname | $HtmlTags tag=>'code' %] exists.
  • [% IF ( checkgrantaccess ) %] -
  • User [% user | $HtmlTags tag=>'code' | html %] has all required privileges on database [% dbname | $HtmlTags tag=>'code' | html %].
  • +
  • User [% user | $HtmlTags tag=>'code' %] has all required privileges on database [% dbname | $HtmlTags tag=>'code' %].
[% ELSE %] -

User [% user | $HtmlTags tag=>'code' | html %] doesn't have enough privilege on database [% dbname | $HtmlTags tag=>'code' | html %].

-

Ask for or make a change in the user's privileges. User [% user | $HtmlTags tag=>'code' | html %] must have USAGE, INSERT, UPDATE, DELETE, DROP and CREATE privileges on database [% dbname | $HtmlTags tag=>'code' | html %].

+

User [% user | $HtmlTags tag=>'code' %] doesn't have enough privilege on database [% dbname | $HtmlTags tag=>'code' %].

+

Ask for or make a change in the user's privileges. User [% user | $HtmlTags tag=>'code' %] must have USAGE, INSERT, UPDATE, DELETE, DROP and CREATE privileges on database [% dbname | $HtmlTags tag=>'code' %].

Need help? See manual for [% IF ( mysql ) %] MySQL [% ELSE %] @@ -41,7 +41,7 @@

[% END %] [% ELSE %] - +

Please create the database before continuing.

[% END %] [% ELSE %] @@ -50,7 +50,7 @@
  • Check that your database is running.
  • Check your database settings in [% 'koha-conf.xml' | $HtmlTags Tag=>'code' %].
  • -
  • Check the hostname setting in [% INCLUDE txt_kohaconf_xml %]. Some database servers require [% '127.0.0.1' | $HtmlTags tag=>'code' | html %] rather than [% 'localhost' | $HtmlTags tag=>'code' | html %].
  • +
  • Check the hostname setting in [% INCLUDE txt_kohaconf_xml %]. Some database servers require [% '127.0.0.1' | $HtmlTags tag=>'code' %] rather than [% 'localhost' | $HtmlTags tag=>'code' %].

Please correct these errors. Then start the installer again. -- 2.39.5

Currency [% currency.currency | html %]