Bug 19108: (follow-up) Stored XSS in biblio_framework.pl
author Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 12 Sep 2017 14:06:11 +0000 (11:06 -0300)
committer Katrin Fischer <katrin.fischer.83@web.de>
Tue, 19 Sep 2017 21:14:00 +0000 (23:14 +0200)
Prevent software error
Template process failed: undef error - text: filter not found at
/home/vagrant/kohaclone/C4/Templates.pm line 121.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit f904b019f77cd19ca0373f9635811a634ac73321)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit d5c7edc55da6aaf78d25d131ebb35ab659a0084d)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

koha-tmpl/intranet-tmpl/prog/en/modules/admin/biblio_framework.tt

index 15bab1d..cdea97d 100644 (file)
     <div class="dialog alert">
         [% IF biblios_use_this_framework %]
             <h3>This framework cannot be deleted</h3>
-            <p><strong><span class="ex">[% framework.frameworktext |text %] ([% framework.frameworkcode %])</span></strong></p>
+            <p><strong><span class="ex">[% framework.frameworktext |html %] ([% framework.frameworkcode %])</span></strong></p>
             <p>The framework is used [% biblios_use_this_framework %] times.</p>
             <form action="/cgi-bin/koha/admin/biblio_framework.pl" method="get">
                 <button type="submit"><i class="fa fa-fw fa-arrow-left"></i> Return to frameworks</button>
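Review bot: on the changed line, `[% framework.frameworkcode %]` is still emitted with no filter, right beside `framework.frameworktext`, which now gets `|html`. Since this is a follow-up to a stored XSS fix in this template, I would filter the code too, i.e. `[% framework.frameworkcode |html %]`, unless the value is constrained to safe characters at the point where it is stored; if so, a short comment saying that would help the next reader. The commit message could also state that `|text` is not an existing filter and was replaced by `|html`, so the reason for the "filter not found" error is clear without opening the diff.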