Bug 15722: Escape patron infos for JSON in patron searches

If patron infos contain invalid JSON chars (\t for instance), the
results won't appear.
The solution is to escape these info.

Test plan:
Edit patron infos in DB (update borrowers set surname="foobar\t" where
borrowernumber=42)
Search for foobar (you should have more than 1 result)
Without this patch, DT retrieves a bad formatted JSON and the results
won't appear.
With this patch, the table result appears

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit cd20b61a7c845110e518e6dedc12ac50efebe4aa)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit eba74c8e51a52432362150c38d674f661a6228e8)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/tables/members_results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/tables/members_results.tt
index 681f1cd..ef325f3 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/tables/members_results.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/tables/members_results.tt
@@ -9,7 +9,7 @@
                 "dt_cardnumber":
                     "[% data.cardnumber %]",
                 "dt_name":
-                    "<span style='white-space:nowrap'><a href='/cgi-bin/koha/members/moremember.pl?borrowernumber=[% data.borrowernumber %]'>[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = data.firstname surname = data.surname othernames = data.othernames cardnumber = data.cardnumber invert_name = 1%]</a></span>",
+                    "<span style='white-space:nowrap'><a href='/cgi-bin/koha/members/moremember.pl?borrowernumber=[% data.borrowernumber %]'>[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = To.json(data.firstname) surname = To.json(data.surname) othernames = To.json(data.othernames) cardnumber = data.cardnumber invert_name = 1%]</a></span>",
                 "dt_branch":
                     "[% data.branchname |html %]",
                 "dt_category":

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt
index 7d5e962..5182892 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt
@@ -14,7 +14,7 @@
                 "dt_cardnumber":
                     "[% data.cardnumber | html %]",
                 "dt_name":
-                    "<span style='white-space:nowrap'><a href='/cgi-bin/koha/members/moremember.pl?borrowernumber=[% data.borrowernumber %]'>[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = data.firstname surname = data.surname othernames = data.othernames invert_name = 1 %]</a><br />[% INCLUDE escape_address data = data %]</span>",
+                    "<span style='white-space:nowrap'><a href='/cgi-bin/koha/members/moremember.pl?borrowernumber=[% data.borrowernumber %]'>[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = To.json(data.firstname) surname = To.json(data.surname) othernames = To.json(data.othernames) invert_name = 1 %]</a><br />[% INCLUDE escape_address data = data %]</span>",
                 "dt_category":
                     "[% data.category_description |html %] ([% data.category_type |html %])",
                 "dt_branch":

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/patroncards/tables/members_results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/patroncards/tables/members_results.tt
index cbe741b..087aa8c 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/patroncards/tables/members_results.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/patroncards/tables/members_results.tt
@@ -9,7 +9,7 @@
                 "dt_cardnumber":
                     "[% data.cardnumber %]",
                 "dt_name":
-                    "<span style='white-space:nowrap'><a href='/cgi-bin/koha/members/moremember.pl?borrowernumber=[% data.borrowernumber %]'>[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = data.firstname surname = data.surname othernames = data.othernames cardnumber = data.cardnumber invert_name = 1%]</a></span>",
+                    "<span style='white-space:nowrap'><a href='/cgi-bin/koha/members/moremember.pl?borrowernumber=[% data.borrowernumber %]'>[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = To.json(data.firstname) surname = To.json(data.surname) othernames = To.json(data.othernames) cardnumber = data.cardnumber invert_name = 1%]</a></span>",
                 "dt_category":
                     "[% data.category_description |html %] ([% data.category_type |html %])",
                 "dt_branch":

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/serials/tables/members_results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/serials/tables/members_results.tt
index 840b391..b5096c6 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/serials/tables/members_results.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/serials/tables/members_results.tt
@@ -9,7 +9,7 @@
                 "dt_cardnumber":
                     "[% data.cardnumber %]",
                 "dt_name":
-                    "<span style='white-space:nowrap'><a href='/cgi-bin/koha/members/moremember.pl?borrowernumber=[% data.borrowernumber %]'>[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = data.firstname surname = data.surname othernames = data.othernames cardnumber = data.cardnumber invert_name = 1%]</a></span>",
+                    "<span style='white-space:nowrap'><a href='/cgi-bin/koha/members/moremember.pl?borrowernumber=[% data.borrowernumber %]'>[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = To.json(data.firstname) surname = To.jon(data.surname) othernames = To.json(data.othernames) cardnumber = data.cardnumber invert_name = 1%]</a></span>",
                 "dt_branch":
                     "[% data.branchname |html %]",
                 "dt_action":