From f6adfb4257d0326a101771246777b10965632bc8 Mon Sep 17 00:00:00 2001
From: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Date: Wed, 3 Jan 2018 16:15:18 -0300
Subject: [PATCH] Bug 19911: Escape password value during self-registration
 confirmation

The password must be correctly escape, it can contains html character
and break the display.

Test plan:
Apply first patch and confirm that the display is broken
Apply second patch (this one) and confirm that the display is fixed

Signed-off-by: Arturo <alongoria@sll.texas.gov>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
---
 .../bootstrap/en/modules/opac-registration-confirmation.tt    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-registration-confirmation.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-registration-confirmation.tt
index 507a84e5d6..464505dab8 100644
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-registration-confirmation.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-registration-confirmation.tt
@@ -42,7 +42,7 @@
                             </p>
                             <p id="patron-password-p">
                                 <span id="patron-password-label">Password:</span>
-                                <span id="patron-password">[% password_cleartext %]</span>
+                                <span id="patron-password">[% password_cleartext | html %]</span>
                             </p>
 
                             [% IF borrower.cardnumber %]
@@ -78,7 +78,7 @@
                                                     [% END %]
                                                     <label for="password">Password:</label>
                                                     [% IF Koha.Preference('PatronSelfRegistrationPrefillForm') %]
-                                                        <input type="password" id="password" size="10" name="password" value="[% password_cleartext %]" />
+                                                        <input type="password" id="password" size="10" name="password" value="[% password_cleartext | html %]" />
                                                     [% ELSE %]
                                                         <input type="password" id="password" size="10" name="password" value="" />
                                                     [% END %]
-- 
2.39.5