In preparation to test this patch:
- Add a patron list named <script>alert("patron list")</script>
- Add a library named <script>alert("library")</script>
- Add a patron category named <script>alert("patron category")</script>
To test:
- Access patron search page and do a search
- Verify that the alerts added above are executed
- Apply patch
- Verify that no alerts are displayed
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit
849eaf73fc419b9a635a1ba4b69ef46a7544e55a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit
2b0bd9add5deae0ab5bee79ee75a6cb769d0dea8)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
[% IF l.selected %]
<option value="[% l.branchcode | html %]" selected="selected">[% l.branchname %]</option>
[% ELSE %]
- <option value="[% l.branchcode | html %]">[% l.branchname %]</option>
+ <option value="[% l.branchcode | html %]">[% l.branchname |html %]</option>
[% END%]
[% END %]
[% END %]
[% IF b.selected %]
<option value="[% b.branchcode %]" selected="selected">[% b.branchname %]</option>
[% ELSE %]
- <option value="[% b.branchcode %]">[% b.branchname %]</option>
+ <option value="[% b.branchcode %]">[% b.branchname |html %]</option>
[% END %]
[% END %]
</select>
<option value="">Any</option>
[% FOREACH category IN categories %]
[% IF category.categorycode == categorycode_filter %]
- <option value="[% category.categorycode %]" selected="selected">[% category.description %]</option>
+ <option value="[% category.categorycode %]" selected="selected">[% category.description |html %]</option>
[% ELSE %]
- <option value="[% category.categorycode %]">[% category.description %]</option>
+ <option value="[% category.categorycode %]">[% category.description |html %]</option>
[% END %]
[% END %]
</select>
<div class="btn-group">
<button class="btn btn-small dropdown-toggle" data-toggle="dropdown"><i class="fa fa-plus"></i> New patron <span class="caret"></span></button>
<ul class="dropdown-menu">
- [% FOREACH category IN categories %]<li><a href="/cgi-bin/koha/members/memberentry.pl?op=add&categorycode=[% category.categorycode %]">[% category.description %]</a></li>[% END %]
+ [% FOREACH category IN categories %]<li><a href="/cgi-bin/koha/members/memberentry.pl?op=add&categorycode=[% category.categorycode %]">[% category.description |html %]</a></li>[% END %]
</ul>
</div>
[% IF Koha.Preference('PatronQuickAddFields') || Koha.Preference('BorrowerMandatoryField') %]
<div class="btn-group">
<button class="btn btn-small dropdown-toggle" data-toggle="dropdown"><i class="fa fa-plus"></i> Quick add new patron <span class="caret"></span></button>
<ul class="dropdown-menu">
- [% FOREACH category IN categories %]<li><a href="/cgi-bin/koha/members/memberentry.pl?op=add&categorycode=[% category.categorycode %]&quickadd=true">[% category.description %]</a></li>[% END %]
+ [% FOREACH category IN categories %]<li><a href="/cgi-bin/koha/members/memberentry.pl?op=add&categorycode=[% category.categorycode %]&quickadd=true">[% category.description |html %]</a></li>[% END %]
</ul>
</div>
[% END %]
[% IF patron_lists %]
<optgroup label="Patron lists:">
[% FOREACH pl IN patron_lists %]
- <option value="[% pl.patron_list_id %]">[% pl.name %]</option>
+ <option value="[% pl.patron_list_id %]">[% pl.name |html %]</option>
[% END %]
</optgroup>
[% END %]
<option value="">Any</option>
[% FOREACH cat IN categories %]
[% IF cat.categorycode == categorycode_filter %]
- <option selected="selected" value="[% cat.categorycode %]">[% cat.description %]</option>
+ <option selected="selected" value="[% cat.categorycode %]">[% cat.description |html %]</option>
[% ELSE %]
- <option value="[% cat.categorycode %]">[% cat.description %]</option>
+ <option value="[% cat.categorycode %]">[% cat.description |html %]</option>
[% END %]
[% END %]
</select>
projects / koha.git / commitdiff