[Koha-patches] [PATCH] Bug 2847 - partial fix. escaping changes
Cory Jaeger
cjaeger at dce.k12.wi.us
Mon Apr 20 18:13:37 CEST 2009
Added HTML and URL escaping to some template variables which were
not being escaped. Only fixes categorie.tmpl; many other templates
still need to be updated.
---
.../prog/en/modules/admin/categorie.tmpl | 34 ++++++++++----------
1 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/categorie.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/categorie.tmpl
index 92f6e30..81b8962 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/categorie.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/categorie.tmpl
@@ -1,7 +1,7 @@
<!-- TMPL_INCLUDE NAME="doc-head-open.inc" -->
-<title>Koha › Administration › Patron Categories › <!-- TMPL_IF NAME="add_form" --><!-- TMPL_IF NAME="categorycode" -->Modify category '<!-- TMPL_VAR NAME="categorycode" -->'<!-- TMPL_ELSE -->New category<!-- /TMPL_IF --><!-- /TMPL_IF -->
+<title>Koha › Administration › Patron Categories › <!-- TMPL_IF NAME="add_form" --><!-- TMPL_IF NAME="categorycode" -->Modify category '<!-- TMPL_VAR NAME="categorycode" escape="html" -->'<!-- TMPL_ELSE -->New category<!-- /TMPL_IF --><!-- /TMPL_IF -->
<!-- TMPL_IF NAME="add_validate" -->Data recorded<!-- /TMPL_IF -->
-<!-- TMPL_IF NAME="delete_confirm" --><!-- TMPL_IF NAME="totalgtzero" -->Cannot Delete: Category <!-- TMPL_VAR NAME="categorycode" --> in Use<!-- TMPL_ELSE -->Confirm Deletion of Category '<!-- TMPL_VAR NAME="categorycode" -->'<!-- /TMPL_IF --><!-- /TMPL_IF -->
+<!-- TMPL_IF NAME="delete_confirm" --><!-- TMPL_IF NAME="totalgtzero" -->Cannot Delete: Category <!-- TMPL_VAR NAME="categorycode" escape="html" --> in Use<!-- TMPL_ELSE -->Confirm Deletion of Category '<!-- TMPL_VAR NAME="categorycode" escape="html" -->'<!-- /TMPL_IF --><!-- /TMPL_IF -->
<!-- TMPL_IF NAME="delete_confirmed" -->Category Deleted<!-- /TMPL_IF --></title>
<!-- TMPL_INCLUDE NAME="doc-head-close.inc" -->
<script type="text/javascript">
@@ -74,9 +74,9 @@
<!-- TMPL_INCLUDE NAME="header.inc" -->
<!-- TMPL_INCLUDE NAME="patrons-admin-search.inc" -->
-<div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> › <a href="/cgi-bin/koha/admin/admin-home.pl">Administration</a> › <!-- TMPL_IF NAME="add_form" --> <a href="/cgi-bin/koha/admin/categorie.pl">Patron Categories</a> › <!-- TMPL_IF NAME="categorycode" -->Modify category '<!-- TMPL_VAR NAME="categorycode" -->'<!-- TMPL_ELSE -->New category<!-- /TMPL_IF --><!-- /TMPL_IF -->
+<div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> › <a href="/cgi-bin/koha/admin/admin-home.pl">Administration</a> › <!-- TMPL_IF NAME="add_form" --> <a href="/cgi-bin/koha/admin/categorie.pl">Patron Categories</a> › <!-- TMPL_IF NAME="categorycode" -->Modify category '<!-- TMPL_VAR NAME="categorycode" escape="html" -->'<!-- TMPL_ELSE -->New category<!-- /TMPL_IF --><!-- /TMPL_IF -->
<!-- TMPL_IF NAME="add_validate" --> <a href="/cgi-bin/koha/admin/categorie.pl">Patron Categories</a> › Data recorded<!-- /TMPL_IF -->
-<!-- TMPL_IF NAME="delete_confirm" --> <a href="/cgi-bin/koha/admin/categorie.pl">Patron Categories</a> › <!-- TMPL_IF NAME="totalgtzero" -->Cannot Delete: Category <!-- TMPL_VAR NAME="categorycode" --> in Use<!-- TMPL_ELSE -->Confirm Deletion of Category '<!-- TMPL_VAR NAME="categorycode" -->'<!-- /TMPL_IF --><!-- /TMPL_IF -->
+<!-- TMPL_IF NAME="delete_confirm" --> <a href="/cgi-bin/koha/admin/categorie.pl">Patron Categories</a> › <!-- TMPL_IF NAME="totalgtzero" -->Cannot Delete: Category <!-- TMPL_VAR NAME="categorycode" escape="html" --> in Use<!-- TMPL_ELSE -->Confirm Deletion of Category '<!-- TMPL_VAR NAME="categorycode" escape="html" -->'<!-- /TMPL_IF --><!-- /TMPL_IF -->
<!-- TMPL_IF NAME="delete_confirmed" --> <a href="/cgi-bin/koha/admin/categorie.pl">Patron Categories</a> › Category Deleted<!-- /TMPL_IF -->
<!-- TMPL_IF NAME="else" -->Patron Categories<!-- /TMPL_IF --></div>
@@ -95,18 +95,18 @@
<input type="hidden" name="op" value="add_validate" />
<input type="hidden" name="checked" value="0" />
<!-- TMPL_IF NAME="categorycode" -->
- <h1>Modify category <!-- TMPL_VAR NAME="categorycode" --></h1>
+ <h1>Modify category <!-- TMPL_VAR NAME="categorycode" escape="html" --></h1>
<!-- TMPL_ELSE -->
<h1>New category</h1>
<!-- /TMPL_IF -->
<fieldset class="rows">
<ol><!-- TMPL_IF NAME="categorycode" -->
- <li><span class="label">Category code</span><!-- TMPL_VAR NAME="categorycode" -->
- <input type="hidden" name="categorycode" value="<!-- TMPL_VAR NAME="categorycode" -->" /><input type="hidden" name="is_a_modif" value="1" /></li>
+ <li><span class="label">Category code</span><!-- TMPL_VAR NAME="categorycode" escape="html" -->
+ <input type="hidden" name="categorycode" value="<!-- TMPL_VAR NAME="categorycode" escape="html" -->" /><input type="hidden" name="is_a_modif" value="1" /></li>
<!-- TMPL_ELSE -->
<li><label for="categorycode">Category code: </label> <input type="text" name="categorycode" id="categorycode" size="10" maxlength="10" onblur="toUC(this)" /></li>
<!-- /TMPL_IF -->
- <li><label for="description">Description: </label> <input type="text" name="description" id="description" size="40" maxlength="80" value="<!-- TMPL_VAR NAME="description" -->" /></li>
+ <li><label for="description">Description: </label> <input type="text" name="description" id="description" size="40" maxlength="80" value="<!-- TMPL_VAR NAME="description" escape="html" -->" /></li>
<li><label for="enrolmentperiod">Enrollment period: </label> <input type="text" name="enrolmentperiod" id="enrolmentperiod" size="3" maxlength="3" value="<!-- TMPL_VAR NAME="enrolmentperiod" -->" /> months</li>
<li><label for="dateofbirthrequired">Age required: </label> <input type="text" name="dateofbirthrequired" id="dateofbirthrequired" value="<!-- TMPL_VAR NAME="dateofbirthrequired" -->" size="3" maxlength="3" /> years</li>
<li><label for="upperagelimit">Upperage limit: </label> <input type="text" name="upperagelimit" id="upperagelimit" size="3" maxlength="3" value="<!-- TMPL_VAR NAME="upperagelimit" -->" /> years</li>
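Review bot: The three fields left as context at the end of this hunk (`enrolmentperiod`, `dateofbirthrequired`, `upperagelimit`) are still written into `value="..."` attributes with no escape, so a stored value containing a double quote would break out of the attribute. Whether categorie.pl restricts them to digits is not visible here, so I would escape them as well, e.g. `value="<!-- TMPL_VAR NAME="enrolmentperiod" escape="html" -->"`. The same gap remains for `total` and those three fields in the delete-confirm hunk, and for `enrolmentfee` and `reservefee` in the last hunk. The form continues outside this hunk, so fields not shown here may need the same treatment.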
@@ -151,13 +151,13 @@
<form action="<!-- TMPL_VAR NAME="script_name" -->" method="post">
<fieldset><legend>
<!-- TMPL_IF NAME="totalgtzero" -->
- Category <!-- TMPL_VAR NAME="categorycode" --> is in use. Deletion not possible!<!-- TMPL_ELSE -->
-Confirm Deletion of Category <!-- TMPL_VAR NAME="categorycode" --><!-- /TMPL_IF --></legend>
+ Category <!-- TMPL_VAR NAME="categorycode" escape="html" --> is in use. Deletion not possible!<!-- TMPL_ELSE -->
+Confirm Deletion of Category <!-- TMPL_VAR NAME="categorycode" escape="html" --><!-- /TMPL_IF --></legend>
<!-- TMPL_IF NAME="totalgtzero" --><div class="dialog alert"><strong>This category is used <!-- TMPL_VAR NAME="total" --> times</strong>. Deletion not possible</div><!-- /TMPL_IF -->
<table>
- <tr><th scope="row">Category code: </th><td><!-- TMPL_VAR NAME="categorycode" --></td></tr>
- <tr><th scope="row">Description: </th><td><!-- TMPL_VAR NAME="description" --></td></tr>
+ <tr><th scope="row">Category code: </th><td><!-- TMPL_VAR NAME="categorycode" escape="html" --></td></tr>
+ <tr><th scope="row">Description: </th><td><!-- TMPL_VAR NAME="description" escape="html" --></td></tr>
<tr><th scope="row">Enrollment period: </th><td><!-- TMPL_VAR NAME="enrolmentperiod" --> months</td></tr>
<tr><th scope="row">Age required: </th><td><!-- TMPL_VAR NAME="dateofbirthrequired" --> years</td></tr>
<tr><th scope="row">Upperage limit: </th><td><!-- TMPL_VAR NAME="upperagelimit" --> years</td></tr>
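Review bot: `script_name` is emitted unescaped into the `<form action="...">` attribute at the top of this hunk, and again into the `href` of the description, Edit and Delete links in the two list hunks. If the script derives it from the request rather than from a constant (not visible here), it is another attribute-injection point. I would write `<form action="<!-- TMPL_VAR NAME="script_name" escape="html" -->" method="post">` and do the same in the three links. The form opens in this hunk and closes outside it.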
@@ -169,7 +169,7 @@ Confirm Deletion of Category <!-- TMPL_VAR NAME="categorycode" --><!-- /TMPL_IF
<input type="submit" value="OK" /></form>
<!-- TMPL_ELSE -->
<input type="hidden" name="op" value="delete_confirmed" />
- <input type="hidden" name="categorycode" value="<!-- TMPL_VAR NAME="categorycode" -->" /> <input type="submit" value="Delete this Category" /> <a class="cancel" href="/cgi-bin/koha/admin/categorie.pl">Cancel</a>
+ <input type="hidden" name="categorycode" value="<!-- TMPL_VAR NAME="categorycode" escape="html" -->" /> <input type="submit" value="Delete this Category" /> <a class="cancel" href="/cgi-bin/koha/admin/categorie.pl">Cancel</a>
<!-- /TMPL_IF --></fieldset></fieldset></form>
<!-- /TMPL_IF -->
@@ -225,9 +225,9 @@ Confirm Deletion of Category <!-- TMPL_VAR NAME="categorycode" --><!-- /TMPL_IF
</tr>
<!-- TMPL_LOOP NAME="loop" -->
<!-- TMPL_IF NAME="toggle" --><tr class="highlight"><!-- TMPL_ELSE --><tr><!-- /TMPL_IF -->
- <td><!-- TMPL_VAR NAME="categorycode" --></td>
+ <td><!-- TMPL_VAR NAME="categorycode" escape="html" --></td>
<td>
- <a href="<!-- TMPL_VAR NAME="script_name" -->?op=add_form&categorycode=<!-- TMPL_VAR NAME="categorycode" -->"><!-- TMPL_VAR NAME="description" --></a>
+ <a href="<!-- TMPL_VAR NAME="script_name" -->?op=add_form&categorycode=<!-- TMPL_VAR NAME="categorycode" escape="url" -->"><!-- TMPL_VAR NAME="description" escape="html" --></a>
</td>
<td>
<!-- TMPL_IF NAME="type_A" -->Adult<!-- /TMPL_IF -->
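Review bot: The query-string separator in the description link's `href` is a bare `&`, which inside an HTML attribute should be written `&amp;`: `?op=add_form&amp;categorycode=<!-- TMPL_VAR NAME="categorycode" escape="url" -->`. The Edit and Delete links in the next hunk have the same separator. This is a markup-validity point and does not weaken the escaping added here. The table row continues outside the hunk.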
@@ -243,8 +243,8 @@ Confirm Deletion of Category <!-- TMPL_VAR NAME="categorycode" --><!-- /TMPL_IF
<td><!-- TMPL_VAR NAME="enrolmentfee" --></td>
<td><!-- TMPL_IF NAME="overduenoticerequired" -->Yes<!-- TMPL_ELSE -->No<!-- /TMPL_IF --></td>
<td><!-- TMPL_VAR NAME="reservefee" --></td>
- <td><a href="<!-- TMPL_VAR NAME="script_name" -->?op=add_form&categorycode=<!-- TMPL_VAR NAME="categorycode" -->">Edit</a></td>
- <td><a href="<!-- TMPL_VAR NAME="script_name" -->?op=delete_confirm&categorycode=<!-- TMPL_VAR NAME="categorycode" -->">Delete</a></td>
+ <td><a href="<!-- TMPL_VAR NAME="script_name" -->?op=add_form&categorycode=<!-- TMPL_VAR NAME="categorycode" escape="url" -->">Edit</a></td>
+ <td><a href="<!-- TMPL_VAR NAME="script_name" -->?op=delete_confirm&categorycode=<!-- TMPL_VAR NAME="categorycode" escape="url" -->">Delete</a></td>
</tr>
<!-- /TMPL_LOOP -->
</table>
--
1.6.0.6