https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13618
Jonathan Druart <[email protected]> changed:

What                          |Removed |Added
----------------------------------------------------------------------------
Attachment #47425 is obsolete |0       |1
Attachment #47426 is obsolete |0       |1
Attachment #47427 is obsolete |0       |1
Attachment #47428 is obsolete |0       |1
Attachment #47429 is obsolete |0       |1
Attachment #47430 is obsolete |0       |1
Attachment #47431 is obsolete |0       |1
Attachment #47432 is obsolete |0       |1
Attachment #47433 is obsolete |0       |1
Attachment #47434 is obsolete |0       |1
Attachment #47435 is obsolete |0       |1
Attachment #47436 is obsolete |0       |1
Attachment #47437 is obsolete |0       |1
Attachment #47438 is obsolete |0       |1
Attachment #47439 is obsolete |0       |1
Attachment #47440 is obsolete |0       |1
Attachment #47441 is obsolete |0       |1
Attachment #47442 is obsolete |0       |1
Attachment #47443 is obsolete |0       |1
Attachment #47444 is obsolete |0       |1
Attachment #47445 is obsolete |0       |1
Attachment #47446 is obsolete |0       |1
Attachment #47447 is obsolete |0       |1
Attachment #47448 is obsolete |0       |1
Attachment #47449 is obsolete |0       |1
Attachment #47450 is obsolete |0       |1
Attachment #47451 is obsolete |0       |1
Attachment #47452 is obsolete |0       |1

--- Comment #213 from Jonathan Druart <[email protected]> ---
Created attachment 59983
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=59983&action=edit

Bug 13618: Use Template::Stash::AutoEscaping to use the html filter

Test plan:
0/ sudo cpanm Template::Stash::AutoEscaping
1/ Verify that you don't reproduce the XSS issue described on bug 13609 and other XSS-related bugs.
2/ Try to find some encoding issues (detail page, search results, facets, etc.)

Signed-off-by: Signed-off-by: Joonas Kylmälä <[email protected]>
Signed-off-by: Bernardo Gonzalez Kriegel <[email protected]>

Bug 13618: Remove html filters at the OPAC

This patch removes the html filters at the OPAC, if necessary.
Generated with:
  perl -p -i -e 's/\ ?\|\ ?html(\ ?)%/\1%/g' **/*.tt **/*.inc

Signed-off-by: Signed-off-by: Joonas Kylmälä <[email protected]>
Signed-off-by: Bernardo Gonzalez Kriegel <[email protected]>

Bug 13618: Specific places where we don't need to escape variables

There is no need to escape the html generated by the XSLT.

Signed-off-by: Signed-off-by: Joonas Kylmälä <[email protected]>
Signed-off-by: Bernardo Gonzalez Kriegel <[email protected]>

Bug 13618: Remove html filters at the intranet

Signed-off-by: Signed-off-by: Joonas Kylmälä <[email protected]>
Signed-off-by: Bernardo Gonzalez Kriegel <[email protected]>

Bug 13618: Specific places where we don't need to escape variables - intra

Signed-off-by: Signed-off-by: Joonas Kylmälä <[email protected]>
Signed-off-by: Bernardo Gonzalez Kriegel <[email protected]>

Bug 13618: Specific for pagination_bar

Signed-off-by: Signed-off-by: Joonas Kylmälä <[email protected]>
Signed-off-by: Bernardo Gonzalez Kriegel <[email protected]>

Bug 13618: Specific for the ISBD view

Signed-off-by: Signed-off-by: Joonas Kylmälä <[email protected]>
Signed-off-by: Bernardo Gonzalez Kriegel <[email protected]>

Bug 13618: Fix error 'Not a GLOB reference'

The interpolation of a variable on including a file caused an unexpected
error:
  Template process failed: undef error - Not a GLOB reference at
  /usr/lib/i386-linux-gnu/perl5/5.20/Template/Provider.pm line 619.

The easier fix is to replace it with a SWITCH.

Signed-off-by: Signed-off-by: Joonas Kylmälä <[email protected]>
Signed-off-by: Bernardo Gonzalez Kriegel <[email protected]>

Bug 13618: Specific for IntranetUser* and OPACUser* prefs

Signed-off-by: Signed-off-by: Joonas Kylmälä <[email protected]>
Signed-off-by: Bernardo Gonzalez Kriegel <[email protected]>

Bug 13618: Specific for ColumnsSettings

Signed-off-by: Signed-off-by: Joonas Kylmälä <[email protected]>
Signed-off-by: Bernardo Gonzalez Kriegel <[email protected]>

Bug 13618 - memberentrygen.tt errors Not a GLOB reference

Like Jonathan said:
The interpolation of a variable on including a file caused an unexpected
error:
  Template process failed: undef error - Not a GLOB reference at
  /usr/lib/i386-linux-gnu/perl5/5.20/Template/Provider.pm line 619.

Replaced it with a SWITCH, like the other patch for this similar error.

Signed-off-by: Signed-off-by: Joonas Kylmälä <[email protected]>
Signed-off-by: Bernardo Gonzalez Kriegel <[email protected]>

Bug 13618: Specific for other prefs

opacmainuserblock
opacnav
opacnavright
opaccredits
opacheader
opaccustomsearch
opacmysummaryhtml
opacmysummarynote
opacnavbottom
opacnoresultsfound
opacresultssidebar
opacsearchfortitlein
restrictedpagecontent
PatronSelfRegistrationAdditionalInstructions
intranetmainuserblock
intranetnav
intranetslipprinterjs
OpacSuppressionMessage
SCOUserCSS
SCOUserJS
SelfCheckHelpMessage
NoLoginInstructions

Signed-off-by: Signed-off-by: Joonas Kylmälä <[email protected]>
Signed-off-by: Bernardo Gonzalez Kriegel <[email protected]>

Bug 13618: Specific for Salutation on editing a patron

Signed-off-by: Signed-off-by: Joonas Kylmälä <[email protected]>
Signed-off-by: Bernardo Gonzalez Kriegel <[email protected]>

Bug 13618: Specific for XSLTBloc

Signed-off-by: Signed-off-by: Joonas Kylmälä <[email protected]>
Signed-off-by: Bernardo Gonzalez Kriegel <[email protected]>

Bug 13618: Fix escape on sending baskets or shelves by email

Test plan:
Send baskets and shelves by email.
With or without this patch, you should not see any changes.

Signed-off-by: Signed-off-by: Joonas Kylmälä <[email protected]>
Signed-off-by: Bernardo Gonzalez Kriegel <[email protected]>

Bug 13618: Fix for news

Signed-off-by: Signed-off-by: Joonas Kylmälä <[email protected]>
Signed-off-by: Bernardo Gonzalez Kriegel <[email protected]>

Bug 13618: Fix last occurrences recently introduced to master

Signed-off-by: Bernardo Gonzalez Kriegel <[email protected]>

Bug 13618: followup to remove tabs

Signed-off-by: Bernardo Gonzalez Kriegel <[email protected]>

This followup on top of remote branch
Only remove tabs and trailing spaces to make koha-qa pass

Bug 13618: Fix for edit biblios and items

On editing biblios or items, the marc_lib, marc_value and javascript
values are often populated with html code which needs to be displayed
raw.

Signed-off-by: Bernardo Gonzalez Kriegel <[email protected]>

Bug 13618: (follow-up) Specific for ColumnsSettings

Signed-off-by: Bernardo Gonzalez Kriegel <[email protected]>

Bug 13618: (follow-up) add missing lines for opac-shelves

Proposed patch to fix opac-shelves

Signed-off-by: Jonathan Druart <[email protected]>

Bug 13618: Remove html filters for newly pushed code

Bug 13618: Fix for system preference description

If a syspref description contains html tag, do not display them

Bug 13618: Do not display and html tags in item fields content

Note that there might be other occurrences to fix!

Bug 13618: Do not display html tags in patron's notices

Bug 13618: Fix for debarredcomment and patron messages

At the OPAC and intranet.

Bug 13618: (follow-up) Specific for other prefs

follow-up for SlipCSS and printslip
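Added example, not part of the original bug mail or of Koha's code: the substitution from the "Generated with" line applied to constructed Template Toolkit lines, followed by a second pass that lists the html-type filters it leaves in place (chained filters, html_entity, FILTER blocks, -%] chomp tags) so they can be reviewed by hand. The sample lines and the helper names strip_html_filter and leftover_filters are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed Template Toolkit lines (not taken from Koha's templates).
my @lines = (
    '<td>[% title | html %]</td>',
    '<td>[% title |html%]</td>',
    '<a href="/search?q=[% query | uri %]">[% query | html %]</a>',
    '<p>[% note | html | html_line_break %]</p>',
    '<p>[% note | html_entity %]</p>',
    '<span>[% FILTER html %][% name %][% END %]</span>',
    '[% SET label = name | html -%]',
);

# Same pattern as the one-liner in the commit message; $1 is the
# captured optional space (written \1 in the original replacement).
sub strip_html_filter {
    my ($line) = @_;
    (my $out = $line) =~ s/\ ?\|\ ?html(\ ?)%/$1%/g;
    return $out;
}

# html-type filters still present after the rewrite: piped filters whose
# name starts with "html", and FILTER html... blocks.
sub leftover_filters {
    my ($line) = @_;
    my @found;
    while ($line =~ /(\|\s*html\w*|FILTER\s+html\w*)/g) {
        push @found, $1;
    }
    return @found;
}

for my $line (@lines) {
    my $after = strip_html_filter($line);
    my @left  = leftover_filters($after);
    my $state = $after ne $line ? 'rewritten' : 'unchanged';
    printf "%-9s %s\n", $state, $after;
    printf "          review: %s\n", join(', ', @left) if @left;
}
```

Only a filter written as `| html` directly before the closing `%` is removed; the last four sample lines come back unchanged and are flagged for review.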
