From 3a3057545c56f4f1a41fcd7643265204844cd2d3 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Wed, 1 May 2019 20:28:04 -0400 Subject: [PATCH] Bug 22781: Escape cardnumber, category's description, library's name and dateexpiry This will fix the previous failure. Note that other fields like borrowernumber, Price escaped values, integers, etc. could be escaped the same way but will be useless (save polar bears). Signed-off-by: Liz Rea Signed-off-by: Katrin Fischer Signed-off-by: Nick Clemens --- .../prog/en/modules/members/tables/members_results.tt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt index 662f78bcf9..4b4129e1ea 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt @@ -15,17 +15,17 @@ "", [% END %] "dt_cardnumber": - "[% data.cardnumber | html %]", + "[% data.cardnumber | html | $To %]", "dt_name": "[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = To.json(data.firstname) surname = To.json(data.surname) othernames = To.json(data.othernames) invert_name = 1 %]
[% INCLUDE escape_address data = data %][% IF data.email %]
Email: [% data.email | html %][% END %]", "dt_dateofbirth": "[% data.dateofbirth | $KohaDates %]", "dt_category": - "[% data.category_description | html %] ([% data.category_type | html %])", + "[% data.category_description | html | $To %] ([% data.category_type | html | $To %])", "dt_branch": - "[% data.branchname | html %]", + "[% data.branchname | html | $To %]", "dt_dateexpiry": - "[% data.dateexpiry | html %]", + "[% data.dateexpiry | html | $To %]", "dt_od_checkouts": "[% IF data.overdues %][% data.overdues | html %][% ELSE %][% data.overdues | html %][% END %] / [% data.issues | html %]", "dt_fines": -- 2.39.5