https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21349
Bug ID: 21349 Summary: Instructors with special characters (e.g. $, ., :) in their cardnumber cannot be removed from course reserves Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: Course reserves Assignee: koha-bugs@lists.koha-community.org Reporter: ephettepl...@cca.edu QA Contact: testo...@bugs.koha-community.org To recreate: - create a patron with a barcode that contains a character that is meaningful for CSS/jQuery selectors: comma, $, ., :, [, ], =, or @ - create a course and add them to it as an instructor - on /cgi-bin/koha/course_reserves/course.pl?course_id={{course_id}} click the "remove" link attempting to remove them from the course - ...nothing happens The source of this issue is the RemoveInstructor JavaScript function in koha-tmpl/intranet-tmpl/prog/en/modules/course_reserves/course.tt - it accepts a single "cardnumber" parameter which isn't sanitized before being used in a jQuery selector. Therefore if punctuation that's meaningful in a selector appears in a patron's barcode, the function throws an error. Here's an actual example from our Koha instance: Uncaught Error: Syntax error, unrecognized expression: #borrower_PCAC000029831$ at Function.fa.error (jquery-2.2.3.min.js:2) at fa.tokenize (jquery-2.2.3.min.js:2) at fa.select (jquery-2.2.3.min.js:2) at Function.fa [as find] (jquery-2.2.3.min.js:2) at n.fn.init.find (jquery-2.2.3.min.js:2) at n.fn.init.a.fn.find (jquery-migrate-1.3.0.min.js:2) at a.fn.init.n.fn.init (jquery-2.2.3.min.js:2) at new a.fn.init (jquery-migrate-1.3.0.min.js:2) at n (jquery-2.2.3.min.js:2) at RemoveInstructor (course.pl?course_id=39:224) The solution to this is to sanitize the cardnumber before using it, as described by this article for instance: https://learn.jquery.com/using-jquery-core/faq/how-do-i-select-an-element-by-an-id-that-has-characters-used-in-css-notation/ I'll send along a patch shortly. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/