From 9493814a230b89484bc504c416efe08255e3baf1 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Fri, 8 Jan 2021 14:15:07 +0100 Subject: [PATCH] Bug 20212: Use functions to escape variables Signed-off-by: Andrew Fuerste-Henry Signed-off-by: Martin Renvoize Signed-off-by: Jonathan Druart --- .../prog/en/modules/acqui/parcel.tt | 32 +++++++------------ 1 file changed, 12 insertions(+), 20 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/parcel.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/parcel.tt index b8f8d83296..68f66a94b2 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/parcel.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/parcel.tt @@ -468,6 +468,13 @@ return query_params; } + function _escape_str(s){ + return s != null ? s.escapeHtml() : ""; + } + function _escape_price(p){ + return p != null ? p.escapeHtml().format_price() : ""; + } + $(document).ready(function(){ if ( $("#receivedt").length ) { @@ -536,30 +543,20 @@ "columnDefs": [ { "targets": [3,4,5,9], "render": function (data, type, row, meta) { - if ( data != null ) { - return data.escapeHtml(); - } - else { - return ""; - } + return _escape_str(data); } }, { "targets": [8,10], "render": function (data, type, row, meta) { - if ( data != null ) { - return data.escapeHtml().format_price(); - } - else { - return ""; - } + return _escape_price(data); } } ], "columns": [ { "data": "basket.name", "orderable": true, "render": function(data, type, row, meta) { - if (type != 'display') return data; + if (type != 'display') return _escape_str(data); return "" + data.escapeHtml() + " (" + row.basket.basket_id.escapeHtml() + ")"; } }, @@ -567,12 +564,7 @@ "orderable": true, "render": function(data, type, row, meta) { if ( type != 'display' ) { - if ( data == null ) { - return ""; - } - else { - return data; - } + return _escape_str(data); } if ( row.basket.basket_group_id == null ) { return _("No basket group"); @@ -588,7 +580,7 @@ { "data": "order_id", "render": function(data, type, row, meta) { - if (type != 'display') return data; + if (type != 'display') return _escape_str(data); return ""+data.escapeHtml()+""; } }, -- 2.39.5