projects / evergreen / pines.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c118b74)
LP1914116: Apply html filter to mkurl() output
authorJason Boyer <JBoyer@equinoxinitiative.org>
Mon, 8 Feb 2021 19:20:32 +0000 (14:20 -0500)
committerJason Boyer <JBoyer@equinoxinitiative.org>
Mon, 15 Feb 2021 17:42:14 +0000 (12:42 -0500)
Because of the way that mkurl() generates its query parameters they're
generally escaped correctly, but nowhere do we run the output of mkurl()
through the html filter to correctly handle ampersands. Rather than adding
"|html" to every invocation of mkurl, it's just added to the macro directly.

Signed-off-by: Jason Boyer <JBoyer@equinoxinitiative.org>
Signed-off-by: Garry Collum <gcollum@gmail.com>
Open-ILS/src/templates-bootstrap/opac/parts/header.tt2 patch | blob | history
Open-ILS/src/templates/opac/parts/header.tt2 patch | blob | history

diff --git a/Open-ILS/src/templates-bootstrap/opac/parts/header.tt2 b/Open-ILS/src/templates-bootstrap/opac/parts/header.tt2
index f54b472..88c39b1 100755 (executable)
--- a/Open-ILS/src/templates-bootstrap/opac/parts/header.tt2
+++ b/Open-ILS/src/templates-bootstrap/opac/parts/header.tt2
@@ -102,13 +102,13 @@
 
         IF page;
             IF cgi.query_string;
-                page _ '?' _ cgi.query_string _ final;
+                page _ '?' _ cgi.query_string _ final | html;
             ELSE;
-                page _ final;
+                page _ final | html;
             END;
         ELSE;
             # staying on the current page
-            cgi.url("-absolute" => 1, "-path" => 1, "-query" => 1) _ final;
+            cgi.url("-absolute" => 1, "-path" => 1, "-query" => 1) _ final | html;
         END;
     END;
 
diff --git a/Open-ILS/src/templates/opac/parts/header.tt2 b/Open-ILS/src/templates/opac/parts/header.tt2
index 2bf7bb0..0b404e0 100644 (file)
--- a/Open-ILS/src/templates/opac/parts/header.tt2
+++ b/Open-ILS/src/templates/opac/parts/header.tt2
@@ -102,13 +102,13 @@
 
         IF page;
             IF cgi.query_string;
-                page _ '?' _ cgi.query_string _ final;
+                page _ '?' _ cgi.query_string _ final | html;
             ELSE;
-                page _ final;
+                page _ final | html;
             END;
         ELSE;
             # staying on the current page
-            cgi.url("-absolute" => 1, "-path" => 1, "-query" => 1) _ final;
+            cgi.url("-absolute" => 1, "-path" => 1, "-query" => 1) _ final | html;
         END;
     END;
 
Evergreen working repo (PINES)