[Koha-patches] [PATCH] (Bug 3402) Serials issue name not escaped when passed forward to routing slip
J. David Bavousett
dbavousett at ptfs.com
Mon Jul 27 14:15:37 CEST 2009
The issue descriptor was not being escaped before being passed on to the
routing slip, causing truncation. It's truly impossible to know for sure
what will be there, so uri_escape-ing seemed the best way to ensure that
it gets handed forward and makes it all the way to the printable slip.
---
.../prog/en/modules/serials/routing-preview.tmpl | 4 ++--
serials/routing-preview.pl | 2 ++
serials/routing.pl | 5 ++++-
3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/serials/routing-preview.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/serials/routing-preview.tmpl
index f636cc5..c3a4e4a 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/serials/routing-preview.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/serials/routing-preview.tmpl
@@ -43,7 +43,7 @@ window.open(myurl,'PrintSlip','width=500,height=500,toolbar=no,scrollbars=yes');
<td><!-- TMPL_VAR NAME="routingnotes" --></td></tr>
</table>
<p>
-<input type="submit" name="ok" class="button" value="OK, Preview Routing Slip" onclick="print_slip(<!-- TMPL_VAR NAME="subscriptionid" -->,'<!-- TMPL_VAR NAME="issue" -->'); return false" />
+<input type="submit" name="ok" class="button" value="OK, Preview Routing Slip" onclick="print_slip(<!-- TMPL_VAR NAME="subscriptionid" -->,'<!-- TMPL_VAR NAME="issue_escaped" -->'); return false" />
<input type="submit" name="edit" class="button" value="Edit" />
<input type="submit" name="delete" class="button" value="Delete" /></p>
</form>
@@ -55,4 +55,4 @@ window.open(myurl,'PrintSlip','width=500,height=500,toolbar=no,scrollbars=yes');
<!-- TMPL_INCLUDE NAME="serials-menu.inc" -->
</div>
</div>
-<!-- TMPL_INCLUDE NAME="intranet-bottom.inc" -->
\ No newline at end of file
+<!-- TMPL_INCLUDE NAME="intranet-bottom.inc" -->
diff --git a/serials/routing-preview.pl b/serials/routing-preview.pl
index 7a33010..d910d59 100755
--- a/serials/routing-preview.pl
+++ b/serials/routing-preview.pl
@@ -17,6 +17,7 @@ use C4::Members;
use C4::Biblio;
use C4::Items;
use C4::Serials;
+use URI::Escape;
my $query = new CGI;
my $subscriptionid = $query->param('subscriptionid');
@@ -113,6 +114,7 @@ $routingnotes =~ s/\n/\<br \/\>/g;
$template->param(
title => $subs->{'bibliotitle'},
issue => $issue,
+ issue_escaped => URI::Escape::uri_escape($issue),
subscriptionid => $subscriptionid,
memberloop => \@results,
routingnotes => $routingnotes,
diff --git a/serials/routing.pl b/serials/routing.pl
index d84076a..51360d8 100755
--- a/serials/routing.pl
+++ b/serials/routing.pl
@@ -38,6 +38,8 @@ use C4::Context;
use C4::Members;
use C4::Serials;
+use URI::Escape;
+
my $query = new CGI;
my $subscriptionid = $query->param('subscriptionid');
my $serialseq = $query->param('serialseq');
@@ -58,7 +60,8 @@ if($op eq 'add'){
if($op eq 'save'){
my $sth = $dbh->prepare("UPDATE serial SET routingnotes = ? WHERE subscriptionid = ?");
$sth->execute($notes,$subscriptionid);
- print $query->redirect("routing-preview.pl?subscriptionid=$subscriptionid&issue=$date_selected");
+ my $urldate = URI::Escape::uri_escape($date_selected);
+ print $query->redirect("routing-preview.pl?subscriptionid=$subscriptionid&issue=$urldate");
}
my ($routing, @routinglist) = getroutinglist($subscriptionid);
--
1.5.6.5
More information about the Koha-patches
mailing list