Bug 22715: Searching for patrons with "" in the circulation note hangs patron search

To replicate:
Edit a patron to have a circ note, include quoted text in it, such as "this is quoted string"
Go to the patron search, search for a set of results that would include the patron with the quotes in the note
Enjoy looking at "Processing" for forever.

Test Plan:
1) Apply this patch
2) Attempt to replicate using the steps above

Signed-off-by: Liz Rea <wizzyrea@gmail.com>
I took this a step further and used <script>"something in
quotes"</script> for my test note and this worked just fine. YAY.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt
index 607146e..15b7c67 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt
@@ -31,7 +31,7 @@
                 "dt_fines":
                     "<span style='text-align: right; display: block;'>[% IF data.fines < 0 %]<span class='credit'>[% data.fines | $Price %]</span> [% ELSIF data.fines > 0 %] <span class='debit'><strong>[% data.fines | $Price %]</strong></span> [% ELSE %] [% data.fines | $Price %] [% END %]</span>",
                 "dt_borrowernotes":
-                    "[% data.borrowernotes.replace('\\\\' , '\\\\') |html_line_break |collapse %]",
+                    "[% data.borrowernotes | html_line_break | collapse | html | $To %]",
                 "dt_action":
                     "<a href='/cgi-bin/koha/members/memberentry.pl?op=modify&amp;destination=circ&amp;borrowernumber=[% data.borrowernumber | html %]' class='btn btn-default btn-xs'><i class='fa fa-pencil'></i> Edit</a>",
                 "borrowernumber":