Added escape="html" to several TMPL_VAR tags which need it in order
to deal with quotes and other special chars in user supplied data.
Many other templates still need to have escaping added to fields which
allow free form entry.
---
 .../prog/en/modules/admin/categorie.tmpl           |   30 ++++++++++----------
 1 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/categorie.tmpl 
b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/categorie.tmpl
index 92f6e30..6e034e7 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/categorie.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/categorie.tmpl
@@ -1,7 +1,7 @@
 <!-- TMPL_INCLUDE NAME="doc-head-open.inc" -->
-<title>Koha &rsaquo; Administration &rsaquo; Patron Categories &rsaquo; <!-- 
TMPL_IF NAME="add_form" --><!-- TMPL_IF NAME="categorycode" -->Modify category 
'<!-- TMPL_VAR NAME="categorycode" -->'<!-- TMPL_ELSE -->New category<!-- 
/TMPL_IF --><!-- /TMPL_IF -->
+<title>Koha &rsaquo; Administration &rsaquo; Patron Categories &rsaquo; <!-- 
TMPL_IF NAME="add_form" --><!-- TMPL_IF NAME="categorycode" -->Modify category 
'<!-- TMPL_VAR NAME="categorycode" escape="html" -->'<!-- TMPL_ELSE -->New 
category<!-- /TMPL_IF --><!-- /TMPL_IF -->
 <!-- TMPL_IF NAME="add_validate" -->Data recorded<!-- /TMPL_IF -->
-<!-- TMPL_IF NAME="delete_confirm" --><!-- TMPL_IF NAME="totalgtzero" 
-->Cannot Delete: Category <!-- TMPL_VAR NAME="categorycode" --> in Use<!-- 
TMPL_ELSE -->Confirm Deletion of Category '<!-- TMPL_VAR NAME="categorycode" 
-->'<!-- /TMPL_IF --><!-- /TMPL_IF -->
+<!-- TMPL_IF NAME="delete_confirm" --><!-- TMPL_IF NAME="totalgtzero" 
-->Cannot Delete: Category <!-- TMPL_VAR NAME="categorycode" escape="html" --> 
in Use<!-- TMPL_ELSE -->Confirm Deletion of Category '<!-- TMPL_VAR 
NAME="categorycode" escape="html" -->'<!-- /TMPL_IF --><!-- /TMPL_IF -->
 <!-- TMPL_IF NAME="delete_confirmed" -->Category Deleted<!-- /TMPL_IF 
--></title>
 <!-- TMPL_INCLUDE NAME="doc-head-close.inc" -->
 <script type="text/javascript">
@@ -74,9 +74,9 @@
 <!-- TMPL_INCLUDE NAME="header.inc" -->
 <!-- TMPL_INCLUDE NAME="patrons-admin-search.inc" -->
 
-<div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; <a 
href="/cgi-bin/koha/admin/admin-home.pl">Administration</a> &rsaquo; <!-- 
TMPL_IF NAME="add_form" --> <a href="/cgi-bin/koha/admin/categorie.pl">Patron 
Categories</a> &rsaquo; <!-- TMPL_IF NAME="categorycode" -->Modify category 
'<!-- TMPL_VAR NAME="categorycode" -->'<!-- TMPL_ELSE -->New category<!-- 
/TMPL_IF --><!-- /TMPL_IF -->
+<div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; <a 
href="/cgi-bin/koha/admin/admin-home.pl">Administration</a> &rsaquo; <!-- 
TMPL_IF NAME="add_form" --> <a href="/cgi-bin/koha/admin/categorie.pl">Patron 
Categories</a> &rsaquo; <!-- TMPL_IF NAME="categorycode" -->Modify category 
'<!-- TMPL_VAR NAME="categorycode" escape="html" -->'<!-- TMPL_ELSE -->New 
category<!-- /TMPL_IF --><!-- /TMPL_IF -->
 <!-- TMPL_IF NAME="add_validate" --> <a 
href="/cgi-bin/koha/admin/categorie.pl">Patron Categories</a> &rsaquo; Data 
recorded<!-- /TMPL_IF -->
-<!-- TMPL_IF NAME="delete_confirm" --> <a 
href="/cgi-bin/koha/admin/categorie.pl">Patron Categories</a> &rsaquo; <!-- 
TMPL_IF NAME="totalgtzero" -->Cannot Delete: Category <!-- TMPL_VAR 
NAME="categorycode" --> in Use<!-- TMPL_ELSE -->Confirm Deletion of Category 
'<!-- TMPL_VAR NAME="categorycode" -->'<!-- /TMPL_IF --><!-- /TMPL_IF -->
+<!-- TMPL_IF NAME="delete_confirm" --> <a 
href="/cgi-bin/koha/admin/categorie.pl">Patron Categories</a> &rsaquo; <!-- 
TMPL_IF NAME="totalgtzero" -->Cannot Delete: Category <!-- TMPL_VAR 
NAME="categorycode" escape="html" --> in Use<!-- TMPL_ELSE -->Confirm Deletion 
of Category '<!-- TMPL_VAR NAME="categorycode" escape="html" -->'<!-- /TMPL_IF 
--><!-- /TMPL_IF -->
 <!-- TMPL_IF NAME="delete_confirmed" --> <a 
href="/cgi-bin/koha/admin/categorie.pl">Patron Categories</a> &rsaquo; Category 
Deleted<!-- /TMPL_IF -->
 <!-- TMPL_IF NAME="else" -->Patron Categories<!-- /TMPL_IF --></div>
 
@@ -95,18 +95,18 @@
        <input type="hidden" name="op" value="add_validate" />
        <input type="hidden" name="checked" value="0" />
 <!-- TMPL_IF NAME="categorycode" -->
-               <h1>Modify category <!-- TMPL_VAR NAME="categorycode" --></h1>
+               <h1>Modify category <!-- TMPL_VAR NAME="categorycode" 
escape="html" --></h1>
        <!-- TMPL_ELSE -->
                <h1>New category</h1>
        <!-- /TMPL_IF -->
        <fieldset class="rows">
        <ol><!-- TMPL_IF NAME="categorycode" -->
-       <li><span class="label">Category code</span><!-- TMPL_VAR 
NAME="categorycode" -->
-                               <input type="hidden" name="categorycode" 
value="<!-- TMPL_VAR NAME="categorycode" -->" /><input type="hidden" 
name="is_a_modif" value="1" /></li>
+       <li><span class="label">Category code</span><!-- TMPL_VAR 
NAME="categorycode" escape="html" -->
+                               <input type="hidden" name="categorycode" 
value="<!-- TMPL_VAR NAME="categorycode" escape="html" -->" /><input 
type="hidden" name="is_a_modif" value="1" /></li>
        <!-- TMPL_ELSE -->
        <li><label for="categorycode">Category code: </label> &nbsp; <input 
type="text" name="categorycode" id="categorycode" size="10" maxlength="10" 
onblur="toUC(this)" /></li>
        <!-- /TMPL_IF -->
-       <li><label for="description">Description: </label> &nbsp; <input 
type="text" name="description" id="description" size="40" maxlength="80" 
value="<!-- TMPL_VAR NAME="description" -->" /></li>
+       <li><label for="description">Description: </label> &nbsp; <input 
type="text" name="description" id="description" size="40" maxlength="80" 
value="<!-- TMPL_VAR NAME="description" escape="html" -->" /></li>
        <li><label for="enrolmentperiod">Enrollment period: </label> &nbsp; 
<input type="text" name="enrolmentperiod" id="enrolmentperiod" size="3" 
maxlength="3" value="<!-- TMPL_VAR NAME="enrolmentperiod" -->" /> months</li>
        <li><label for="dateofbirthrequired">Age required: </label> &nbsp; 
<input type="text" name="dateofbirthrequired" id="dateofbirthrequired" 
value="<!-- TMPL_VAR NAME="dateofbirthrequired" -->" size="3" maxlength="3" /> 
years</li>
        <li><label for="upperagelimit">Upperage limit: </label> &nbsp; <input 
type="text" name="upperagelimit" id="upperagelimit" size="3" maxlength="3" 
value="<!-- TMPL_VAR NAME="upperagelimit" -->" /> years</li>
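Review bot: The three value attributes that follow the newly escaped description field in this hunk are still emitted raw: `value="<!-- TMPL_VAR NAME="enrolmentperiod" -->"`, `value="<!-- TMPL_VAR NAME="dateofbirthrequired" -->"` and `value="<!-- TMPL_VAR NAME="upperagelimit" -->"`. These are populated from free-text inputs (the form controls are `type="text"` with no numeric constraint visible here), so a stored quote or angle bracket breaks out of the attribute just as it would for description; each should read e.g. `value="<!-- TMPL_VAR NAME="enrolmentperiod" escape="html" -->"`. The same applies to the unescaped `enrolmentperiod`, `dateofbirthrequired` and `upperagelimit` cells and the `total` variable in the next hunk, and the `script_name` form action there is also emitted raw, though that value is presumably server-supplied rather than user data. The enclosing form starts before this hunk.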
@@ -151,13 +151,13 @@
        <form action="<!-- TMPL_VAR NAME="script_name" -->" method="post">
        <fieldset><legend>      
        <!-- TMPL_IF NAME="totalgtzero" -->
-       Category <!-- TMPL_VAR NAME="categorycode" --> is in use.  Deletion not 
possible!<!-- TMPL_ELSE -->
-Confirm Deletion of Category <!-- TMPL_VAR NAME="categorycode" --><!-- 
/TMPL_IF --></legend>
+       Category <!-- TMPL_VAR NAME="categorycode" escape="html" --> is in use. 
 Deletion not possible!<!-- TMPL_ELSE -->
+Confirm Deletion of Category <!-- TMPL_VAR NAME="categorycode" escape="html" 
--><!-- /TMPL_IF --></legend>
 
 <!-- TMPL_IF NAME="totalgtzero" --><div class="dialog alert"><strong>This 
category is used <!-- TMPL_VAR NAME="total" --> times</strong>. Deletion not 
possible</div><!-- /TMPL_IF -->
        <table>
-       <tr><th scope="row">Category code: </th><td><!-- TMPL_VAR 
NAME="categorycode" --></td></tr>
-       <tr><th scope="row">Description: </th><td><!-- TMPL_VAR 
NAME="description" --></td></tr>
+       <tr><th scope="row">Category code: </th><td><!-- TMPL_VAR 
NAME="categorycode" escape="html" --></td></tr>
+       <tr><th scope="row">Description: </th><td><!-- TMPL_VAR 
NAME="description" escape="html" --></td></tr>
        <tr><th scope="row">Enrollment period: </th><td><!-- TMPL_VAR 
NAME="enrolmentperiod" --> months</td></tr>
        <tr><th scope="row">Age required: </th><td><!-- TMPL_VAR 
NAME="dateofbirthrequired" --> years</td></tr>
        <tr><th scope="row">Upperage limit: </th><td><!-- TMPL_VAR 
NAME="upperagelimit" --> years</td></tr>
@@ -169,7 +169,7 @@ Confirm Deletion of Category <!-- TMPL_VAR 
NAME="categorycode" --><!-- /TMPL_IF
 <input type="submit" value="OK" /></form>
                <!-- TMPL_ELSE -->
                        <input type="hidden" name="op" value="delete_confirmed" 
/>
-                       <input type="hidden" name="categorycode" value="<!-- 
TMPL_VAR NAME="categorycode" -->" /> <input type="submit" value="Delete this 
Category" /> <a class="cancel" 
href="/cgi-bin/koha/admin/categorie.pl">Cancel</a> 
+                       <input type="hidden" name="categorycode" value="<!-- 
TMPL_VAR NAME="categorycode" escape="html" -->" /> <input type="submit" 
value="Delete this Category" /> <a class="cancel" 
href="/cgi-bin/koha/admin/categorie.pl">Cancel</a> 
                <!-- /TMPL_IF --></fieldset></fieldset></form>
 <!-- /TMPL_IF -->
 
@@ -225,9 +225,9 @@ Confirm Deletion of Category <!-- TMPL_VAR 
NAME="categorycode" --><!-- /TMPL_IF
                </tr>
                <!-- TMPL_LOOP NAME="loop" -->
                <!-- TMPL_IF NAME="toggle" --><tr class="highlight"><!-- 
TMPL_ELSE --><tr><!-- /TMPL_IF -->
-                        <td><!-- TMPL_VAR NAME="categorycode" --></td>
+                        <td><!-- TMPL_VAR NAME="categorycode" escape="html" 
--></td>
                         <td>
-                            <a href="<!-- TMPL_VAR NAME="script_name" 
-->?op=add_form&amp;categorycode=<!-- TMPL_VAR NAME="categorycode" -->"><!-- 
TMPL_VAR NAME="description" --></a>
+                            <a href="<!-- TMPL_VAR NAME="script_name" 
-->?op=add_form&amp;categorycode=<!-- TMPL_VAR NAME="categorycode" 
escape="html" -->"><!-- TMPL_VAR NAME="description" escape="html" --></a>
                         </td>
                         <td>
                             <!-- TMPL_IF NAME="type_A" -->Adult<!-- /TMPL_IF 
-->
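Review bot: `escape="html"` is the wrong encoder for the `categorycode` placed in the query string of the href on the new `<a href="<!-- TMPL_VAR NAME="script_name" -->?op=add_form&amp;categorycode=...">` line; HTML::Template provides `escape="url"` for that context, which percent-encodes reserved characters so the parameter value cannot be truncated or extended by `&`, `#` or quotes while remaining attribute-safe. The link text `<!-- TMPL_VAR NAME="description" escape="html" -->` is in HTML text context and is correctly escaped as written. `script_name` in the same href is still emitted raw; if it is taken from server configuration rather than the request that is acceptable, but it would be worth confirming. The enclosing TMPL_LOOP and table row continue past the end of this hunk.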
-- 
1.6.0.6
