[Koha-bugs] [Bug 22369] New: Guarantor search broken by double quotes in address
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Feb 19 13:51:04 CET 2019
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22369
Bug ID: 22369
Summary: Guarantor search broken by double quotes in address
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5 - low
Component: Patrons
Assignee: koha-bugs at lists.koha-community.org
Reporter: fridolin.somers at biblibre.com
QA Contact: testopia at bugs.koha-community.org
CC: gmcharlt at gmail.com, kyle.m.hall at gmail.com
Target Milestone: ---
Guarantor search uses Ajax to build patrons search results table.
This uses a complex multi escape layers :
intranet-tmpl/prog/en/modules/members/tables/guarantor_search.tt :
"<a href=\"#\" class=\"btn btn-default btn-xs select_user\"
data-borrowernumber=\"[% data.borrowernumber | html %]\">Select</a><input
type=\"hidden\" id=\"borrower_data[% data.borrowernumber | html %]\"
name=\"borrower_data[% data.borrowernumber | html %]\" value=\"[% To.json(data)
| html %]\" />"
This is broken if the found guarantor address contains a double quote.
I think because it is JSON converted to \" and then html converted to \"
which is a non valid JSON.
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list