Bug 11322: rscrub bad data before storing suggestions in the DB

1/ In the public interface, add a suggestion containing html
2/ Save, notice the html is rendered (or if you have the other patches
is displayed)
3/ Apply this paget
4/ Add another suggestion
5/ Notice the html is stripped

Signed-off-by: David Cook <dcook@prosentient.com.au>

Works as described.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>

diff --git a/opac/opac-suggestions.pl b/opac/opac-suggestions.pl
index 32b5c3d..72383eb 100755 (executable)
--- a/opac/opac-suggestions.pl
+++ b/opac/opac-suggestions.pl
@@ -27,6 +27,7 @@ use C4::Output;
 use C4::Suggestions;
 use C4::Koha;
 use C4::Dates;
+use C4::Scrubber;
 
 my $input           = new CGI;
 my $allsuggestions  = $input->param('showall');
@@ -77,8 +78,13 @@ if ( $op eq "add_confirm" ) {
                #some suggestion are answering the request Donot Add
        }
        else {
+               my $scrubber = C4::Scrubber->new();
+               foreach my $suggest (keys %$suggestion){
+                   $suggestion->{$suggest} = $scrubber->scrub($suggestion->{$suggest});
+               }
                $$suggestion{'suggesteddate'}=C4::Dates->today;
                $$suggestion{'branchcode'}= $input->param('branch') || C4::Context->userenv->{"branch"};
+
                &NewSuggestion($suggestion);
                # empty fields, to avoid filter in "SearchSuggestion"
                $$suggestion{$_}='' foreach qw<title author publishercode copyrightdate place collectiontitle isbn STATUS>;