From 35d00030ceb572822979300a5291356a32427a16 Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Wed, 1 May 2019 20:29:05 -0400
Subject: [PATCH] Bug 22781: Test patron's info filtering
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

The patron's data was not correctly escaped actually.

Test plan:
This is a good value for the whole patchset:
fir's"tname \123 ❤
use it for a patron's firstname, then do a search

Signed-off-by: Liz Rea
Signed-off-by: Katrin Fischer
Signed-off-by: Nick Clemens
---
 .../prog/en/modules/members/tables/members_results.tt | 2 +-
 t/db_dependent/selenium/patrons_search.t | 9 +++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt
index 4b4129e1ea..0020f7511d 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt
@@ -17,7 +17,7 @@
 "dt_cardnumber":
 "[% data.cardnumber | html | $To %]",
 "dt_name":
- "[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = To.json(data.firstname) surname = To.json(data.surname) othernames = To.json(data.othernames) invert_name = 1 %]
[% INCLUDE escape_address data = data %][% IF data.email %]
Email: [% data.email | html %][% END %]",
+ "[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = data.firstname surname = data.surname othernames = data.othernames invert_name = 1 | $To %]
[% INCLUDE escape_address data = data %][% IF data.email %]
Email: [% data.email | html %][% END %]",
 "dt_dateofbirth":
 "[% data.dateofbirth | $KohaDates %]",
 "dt_category":
diff --git a/t/db_dependent/selenium/patrons_search.t b/t/db_dependent/selenium/patrons_search.t
index 6cd831118c..8ea5f869ca 100644
--- a/t/db_dependent/selenium/patrons_search.t
+++ b/t/db_dependent/selenium/patrons_search.t
@@ -40,12 +40,13 @@ my $builder = t::lib::TestBuilder->new;
 our @cleanup;
 subtest 'Search patrons' => sub {
- plan tests => 3;
+ plan tests => 4;
 my @patrons;
 my $borrowernotes = q|just 'a" note \123 ❤|;
 my $borrowernotes_displayed = q|just 'a" note \123 ❤|;
- my $branchname = q|just 'another" library \123 ❤|;
+ my $branchname = q|just 'another" library \123 ❤|;
+ my $firstname = q|fir's"tname \123 ❤|;
 my $patron_category = $builder->build_object( { class => 'Koha::Patron::Categories', category_type => 'A' } );
 my $library = $builder->build_object(
@@ -58,6 +59,7 @@ subtest 'Search patrons' => sub {
 class => 'Koha::Patrons',
 value => {
 surname => "test_patron_" . $i++,
+ firstname => $firstname,
 categorycode => $patron_category->categorycode,
 branchcode => $library->branchcode,
 borrowernotes => $borrowernotes,
@@ -73,6 +75,9 @@ subtest 'Search patrons' => sub {
 my $first_patron = $patrons[0];
 my @td = $driver->find_elements('//table[@id="memberresultst"]/tbody/tr/td');
+ like ($td[2]->get_text, qr[\Q$firstname\E],
+ 'Column "Name" should be the 3rd and contain the firstname correctly filtered'
+ );
 is( $td[5]->get_text, $branchname,
 'Column "Library" should be the 6th and contain the html tags - they have been html filtered'
 );
--
2.39.5
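Review bot: The e-mail fragment at the end of the new `dt_name` value is still filtered with `| html` only, so it is HTML-escaped but not JSON-escaped, unlike `dt_cardnumber` just above, which uses `| html | $To`. The html filter does not touch backslashes, so a value like the `\123` sample from the test plan in `data.email` would land in the JSON string unescaped and could corrupt the response; `[% data.email | html | $To %]` would match the neighbouring column. The same question applies to the output of `INCLUDE escape_address`, whose definition is outside this hunk. The new `| $To` on the `patron-title.inc` include only covers the JSON layer, so the HTML safety of the name still depends on that include filtering its arguments, which is not visible here and deserves a short comment next to the line.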
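Review bot: Only `firstname` receives the hostile sample in the `@@ -58,6 +59,7 @@` hunk, although the template change in this commit also stops pre-encoding `surname` and `othernames` before they reach `patron-title.inc`. `surname` stays `"test_patron_" . $i++` and `othernames` is not set in the visible lines, so those two paths through the same include are not exercised. Adding `othernames => $firstname,` next to the new `firstname` entry, with a matching `like` on `$td[2]` in the last hunk, would cover them; whether the name cell renders `othernames` in this view is an assumption to confirm. The `build_object` call starts and ends outside the hunk.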