Bug 22781: Test patron's info filtering

The patron's data was not correctly escaped actually.

Test plan:
This is a good value for the whole patchset: <strong>fir's"tname</strong> \123 ❤
use it for a patron's firstname, then do a search

Signed-off-by: Liz Rea <wizzyrea@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit 35d00030ceb572822979300a5291356a32427a16)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

 Conflicts:
	koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt

Signed-off-by: Liz Rea <liz@bywatersolutions.com>

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt
index bb0e176..8222640 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt
@@ -16,7 +16,7 @@
                 "dt_cardnumber":
                     "[% data.cardnumber | html | $To %]",
                 "dt_name":
-                    "<span style='white-space:nowrap'><a href='/cgi-bin/koha/members/moremember.pl?borrowernumber=[% data.borrowernumber %]'>[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = To.json(data.firstname) surname = To.json(data.surname) othernames = To.json(data.othernames) invert_name = 1 %]</a><br />[% INCLUDE escape_address data = data %][% IF data.email %]<br/>Email: <a href='mailto:[% data.email | html %]'>[% data.email | html %]</a>[% END %]</span>",
+                    "<a href=\"/cgi-bin/koha/members/moremember.pl?borrowernumber=[% data.borrowernumber | html %]\" class=\"patron_preview\" data-borrowernumber=\"[% data.borrowernumber | html %]\" style='white-space:nowrap'>[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = data.firstname surname = data.surname othernames = data.othernames invert_name = 1 | $To %]</a><br />[% INCLUDE escape_address data = data %][% IF data.email %]<br/>Email: <a href='mailto:[% data.email | html %]'>[% data.email | html %]</a>[% END %]",
     "dt_dateofbirth":
         "[% data.dateofbirth | $KohaDates %]",
                 "dt_category":

diff --git a/t/db_dependent/selenium/patrons_search.t b/t/db_dependent/selenium/patrons_search.t
index 6cd8311..8ea5f86 100644 (file)
--- a/t/db_dependent/selenium/patrons_search.t
+++ b/t/db_dependent/selenium/patrons_search.t
@@ -40,12 +40,13 @@ my $builder       = t::lib::TestBuilder->new;
 
 our @cleanup;
 subtest 'Search patrons' => sub {
-    plan tests => 3;
+    plan tests => 4;
 
     my @patrons;
     my $borrowernotes           = q|<strong>just 'a" note</strong> \123 ❤|;
     my $borrowernotes_displayed = q|just 'a" note \123 ❤|;
-    my $branchname      = q|<strong>just 'another" library</strong> \123 ❤|;
+    my $branchname = q|<strong>just 'another" library</strong> \123 ❤|;
+    my $firstname  = q|<strong>fir's"tname</strong> \123 ❤|;
     my $patron_category = $builder->build_object(
         { class => 'Koha::Patron::Categories', category_type => 'A' } );
     my $library = $builder->build_object(
@@ -58,6 +59,7 @@ subtest 'Search patrons' => sub {
                 class => 'Koha::Patrons',
                 value => {
                     surname       => "test_patron_" . $i++,
+                    firstname     => $firstname,
                     categorycode  => $patron_category->categorycode,
                     branchcode    => $library->branchcode,
                     borrowernotes => $borrowernotes,
@@ -73,6 +75,9 @@ subtest 'Search patrons' => sub {
     my $first_patron = $patrons[0];
 
     my @td = $driver->find_elements('//table[@id="memberresultst"]/tbody/tr/td');
+    like ($td[2]->get_text, qr[\Q$firstname\E],
+        'Column "Name" should be the 3rd and contain the firstname correctly filtered'
+    );
     is( $td[5]->get_text, $branchname,
         'Column "Library" should be the 6th and contain the html tags - they have been html filtered'
     );