From 48173560ba583da4fe6d3f2ba2f071573b4b927e Mon Sep 17 00:00:00 2001
From: =?utf8?q?Fr=C3=A8re=20S=C3=A9bastien=20Marie?=
Date: Sun, 4 Dec 2011 18:14:09 +0100
Subject: [PATCH] Bug 7316 - Missing escaping in search results
Two parameters are now escaped in title (html element):
- query_desc
- limit_desc
This is a security correction against XSS.
Signed-off-by: Owen Leonard
Signed-off-by: Paul Poulain
---
koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt | 2 +-
koha-tmpl/opac-tmpl/prog/en/modules/opac-results-grouped.tt | 2 +-
koha-tmpl/opac-tmpl/prog/en/modules/opac-results.tt | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt
index 2bed51c275..9b4f01f4e6 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt
@@ -1,5 +1,5 @@
 [% INCLUDE 'doc-head-open.inc' %]
-Koha › Catalog › [% IF ( searchdesc ) %]Results of Search [% IF ( query_desc ) %]for '[% query_desc %]'[% END %][% IF ( limit_desc ) %] with limit(s): '[% limit_desc %]'[% END %][% ELSE %]You did not specify any search criteria[% END %]
+Koha › Catalog › [% IF ( searchdesc ) %]Results of Search [% IF ( query_desc ) %]for '[% query_desc | html %]'[% END %][% IF ( limit_desc ) %] with limit(s): '[% limit_desc | html %]'[% END %][% ELSE %]You did not specify any search criteria[% END %]
 [% INCLUDE 'doc-head-close.inc' %]
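Review bot: The escaping is added only at the two interpolations on the title line, `[% query_desc | html %]` and `[% limit_desc | html %]`, and the commit message scopes the fix to the title element. Any other place where results.tt, opac-results.tt or opac-results-grouped.tt print these two variables would still emit them raw; none is visible in this hunk, so this needs confirming against the full templates. Each remaining use should get the filter that fits its context: `| html` for element text and double-quoted attribute values, `| uri` where the value goes into a query string. Template Toolkit's `html` filter does not encode the single quote, which is harmless inside title text but not if the expression is later copied into a single-quoted attribute or an inline script. The hunk header declares five lines and fewer are visible on this page, so the trailing context could not be checked.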