[Koha-bugs] [Bug 21526] TT variables used to build a link should be uri filtered

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Fri Nov 9 13:20:43 CET 2018 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21526

--- Comment #48 from Jonathan Druart <jonathan.druart at bugs.koha-community.org> ---
(In reply to Marcel de Rooy from comment #31)
> koha-tmpl/intranet-tmpl/prog/en/includes/facets.inc
> [% url = BLOCK %][% url | $raw %][% "&sort_by=" _ sort_by | url %][% END %]
> So sort_by should be filtered by uri.

Yes.

> [% local_url = BLOCK %][% url | $raw %][% "&nolimit=" _ 
> facet.type_link_value _ ":" _ facet.facet_link_value | url %][% END %]
> Same here facet_link_value should be filtered by uri.

Yes but more complex then, we should not only replace the filter.

> [% local_url = BLOCK %][% url | $raw %][% "&limit=" _  facet.type_link_value
> _ ":" _ facet.facet_link_value | url %][% END %]
> Same line again
> 
> Since you normally filter params with uri, you have a reason here. Could you
> document such exceptions (or correct them if no reason) ?

uri will replace the &, we do not want that (see bellow)

(In reply to Marcel de Rooy from comment #33)
> koha-tmpl/intranet-tmpl/prog/en/modules/circ/printslip.tt
> +<link rel="shortcut icon" href="[% IF ( IntranetFavicon ) %][%
> IntranetFavicon | url %][% ELSE %][% interface | html %]/[% theme | html
> %]/img/favicon.ico[% END %]" type="image/x-icon" />
> interface and theme are parts here of the url path and not part of a html
> fragment so they should go here through url (not html or uri)

Yes, see comment 24, I ignored them.

(In reply to Marcel de Rooy from comment #35)
> koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-facets.inc
> [% url = BLOCK %][% url | $raw %][% "&sort_by=" _ sort_by | url %][% END
> %]
> Same as for facets above
(In reply to Marcel de Rooy from comment #37)
> +     <link>[% OPACBaseURL | html %]/cgi-bin/koha/opac-search.pl?[%
> query_cgi | $raw %][% limit_cgi | url %]&format=rss2</link>
> +     <atom:link rel="self" type="application/rss+xml" href="[% OPACBaseURL
> | url %]/cgi-bin/koha/opac-search.pl?[% query_cgi | $raw %][% limit_cgi |
> url %]&sort_by=[% sort_by | uri %]&format=rss2"/>
> 
> limit_cgi is a parameter, uri needed ?
(In reply to Marcel de Rooy from comment #47)
> I recommend to push these patches now. Some refinements can follow (see
> above comments). And Search needs attention, which we knew already..

The search part is tricky, and we should rewrite it. Did you find regressions
since 18.05? If you did we really need to take care of them (it's critical).

-- 
You are receiving this mail because:
You are watching all bug changes.

More information about the Koha-bugs mailing list