[Koha-bugs] [Bug 22369] New: Guarantor search broken by double quotes in address

Tue Feb 19 13:51:04 CET 2019

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22369

            Bug ID: 22369
           Summary: Guarantor search broken by double quotes in address
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5 - low
         Component: Patrons
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: fridolin.somers at biblibre.com
        QA Contact: testopia at bugs.koha-community.org
                CC: gmcharlt at gmail.com, kyle.m.hall at gmail.com
  Target Milestone: ---

Guarantor search uses Ajax to build patrons search results table.
This uses a complex multi escape layers :
intranet-tmpl/prog/en/modules/members/tables/guarantor_search.tt : 
"<a href=\"#\" class=\"btn btn-default btn-xs select_user\"
data-borrowernumber=\"[% data.borrowernumber | html %]\">Select</a><input
type=\"hidden\" id=\"borrower_data[% data.borrowernumber | html %]\"
name=\"borrower_data[% data.borrowernumber | html %]\" value=\"[% To.json(data)
| html %]\" />"

This is broken if the found guarantor address contains a double quote.
I think because it is JSON converted to \" and then html converted to \"
which is a non valid JSON.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.