[%- IF !user_addr or user_addr.valid == 'f'; NEXT; END; %]
<notice type='overdue' notify_interval='[% circ_set.notice.notify_interval %]'>
<patron>
- <barcode>[% user.card.barcode %]</barcode>
- <first_given_name>[% user.first_given_name %]</first_given_name>
- <family_name>[% user.family_name %]</family_name>
+ <barcode>[% escape_xml(user.card.barcode) %]</barcode>
+ <first_given_name>[% escape_xml(user.first_given_name) %]</first_given_name>
+ <family_name>[% escape_xml(user.family_name) %]</family_name>
<addr_street1>[% escape_xml(user_addr.street1) %]</addr_street1>
<addr_street2>[% escape_xml(user_addr.street2) %]</addr_street2>
<addr_city>[% escape_xml(user_addr.city) %]</addr_city>
- <addr_state>[% user_addr.state %]</addr_state>
- <addr_post_code>[% user_addr.post_code %]</addr_post_code>
+ <addr_state>[% escape_xml(user_addr.state) %]</addr_state>
+ <addr_post_code>[% escape_xml(user_addr.post_code) %]</addr_post_code>
<email>[% escape_xml(user.email) %]</email>
<sys_id>[% user.id %]</sys_id>
</patron>
<location>
<name>[% escape_xml(lib.name) %]</name>
<shortname>[% escape_xml(lib.shortname) %]</shortname>
- <phone>[% lib.phone %]</phone>
+ <phone>[% escape_xml(lib.phone) %]</phone>
<addr_street1>[% escape_xml(lib_addr.street1) %]</addr_street1>
<addr_street2>[% escape_xml(lib_addr.street2) %]</addr_street2>
<addr_city>[% escape_xml(lib_addr.city) %]</addr_city>
- <addr_state>[% lib_addr.state %]</addr_state>
- <addr_post_code>[% lib_addr.post_code %]</addr_post_code>
+ <addr_state>[% escape_xml(lib_addr.state) %]</addr_state>
+ <addr_post_code>[% escape_xml(lib_addr.post_code) %]</addr_post_code>
<email>[% escape_xml(lib.email) %]</email>
<sys_id>[% lib.id %]</sys_id>
</location>
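Review bot: The `notify_interval` attribute on the opening `<notice>` line is still interpolated raw, even though this change escapes the element text around it. Because the value sits inside a single-quoted attribute, a stray `'`, `<` or `&` would make the generated notice file malformed; consider `notify_interval='[% escape_xml(circ_set.notice.notify_interval) %]'`. The definition of `escape_xml` is not visible here, so confirm that it also encodes quote characters before relying on it in attribute context. The two `sys_id` values (`user.id`, `lib.id`) are also left unescaped, which is presumably safe if they are always database integers; a short template comment such as `[%# ids are integers, no escaping needed %]` would show the omission is deliberate. The `<notice>` element is not closed within this hunk, so any interpolations further down the template should get the same check.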