From 48b339980e20bdefb21141d537c283d15e267d93 Mon Sep 17 00:00:00 2001 From: Chris Cormack Date: Tue, 3 Dec 2013 12:01:23 +1300 Subject: [PATCH] Bug 11322: rscrub bad data before storing suggestions in the DB 1/ In the public interface, add a suggestion containing html 2/ Save, notice the html is rendered (or if you have the other patches is displayed) 3/ Apply this paget 4/ Add another suggestion 5/ Notice the html is stripped Signed-off-by: David Cook Works as described. Signed-off-by: Katrin Fischer Signed-off-by: Galen Charlton --- opac/opac-suggestions.pl | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/opac/opac-suggestions.pl b/opac/opac-suggestions.pl index 32b5c3d221..72383eb1c5 100755 --- a/opac/opac-suggestions.pl +++ b/opac/opac-suggestions.pl @@ -27,6 +27,7 @@ use C4::Output; use C4::Suggestions; use C4::Koha; use C4::Dates; +use C4::Scrubber; my $input = new CGI; my $allsuggestions = $input->param('showall'); @@ -77,8 +78,13 @@ if ( $op eq "add_confirm" ) { #some suggestion are answering the request Donot Add } else { + my $scrubber = C4::Scrubber->new(); + foreach my $suggest (keys %$suggestion){ + $suggestion->{$suggest} = $scrubber->scrub($suggestion->{$suggest}); + } $$suggestion{'suggesteddate'}=C4::Dates->today; $$suggestion{'branchcode'}= $input->param('branch') || C4::Context->userenv->{"branch"}; + &NewSuggestion($suggestion); # empty fields, to avoid filter in "SearchSuggestion" $$suggestion{$_}='' foreach qw; -- 2.39.5