To replicate:
Edit a patron to have a circ note, include quoted text in it, such as "this is quoted string"
Go to the patron search, search for a set of results that would include the patron with the quotes in the note
Enjoy looking at "Processing" for forever.
Test Plan:
1) Apply this patch
2) Attempt to replicate using the steps above
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
I took this a step further and used <script>"something in
quotes"</script> for my test note and this worked just fine. YAY.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
"dt_fines":
"<span style='text-align: right; display: block;'>[% IF data.fines < 0 %]<span class='credit'>[% data.fines | $Price %]</span> [% ELSIF data.fines > 0 %] <span class='debit'><strong>[% data.fines | $Price %]</strong></span> [% ELSE %] [% data.fines | $Price %] [% END %]</span>",
"dt_borrowernotes":
- "[% data.borrowernotes.replace('\\\\' , '\\\\') |html_line_break |collapse %]",
+ "[% data.borrowernotes | html_line_break | collapse | html | $To %]",
"dt_action":
"<a href='/cgi-bin/koha/members/memberentry.pl?op=modify&destination=circ&borrowernumber=[% data.borrowernumber | html %]' class='btn btn-default btn-xs'><i class='fa fa-pencil'></i> Edit</a>",
"borrowernumber":