TPac: more aggressive dynamic output filtering
authorBill Erickson <berick@esilibrary.com>
Wed, 17 Aug 2011 19:28:53 +0000 (15:28 -0400)
committerBill Erickson <berick@esilibrary.com>
Wed, 17 Aug 2011 19:28:53 +0000 (15:28 -0400)
Making heavier use of html/uri filters to prevent accidental or
malicious rendering of html from dynamic data.  More to follow.

Signed-off-by: Bill Erickson <berick@esilibrary.com>
Open-ILS/web/templates/default/opac/parts/anon_list.tt2
Open-ILS/web/templates/default/opac/parts/coded_value_selector.tt2
Open-ILS/web/templates/default/opac/parts/org_selector.tt2
Open-ILS/web/templates/default/opac/parts/place_hold.tt2
Open-ILS/web/templates/default/opac/parts/qtype_selector.tt2
Open-ILS/web/templates/default/opac/parts/topnav.tt2
Open-ILS/web/templates/default/opac/results.tt2

index 19a7440..6f91af7 100644 (file)
@@ -36,7 +36,7 @@
                                 [% IF ctx.user AND ctx.bookbags.size %]
                                 <optgroup label="Move selected items to">
                                     [% FOR bbag IN ctx.bookbags %]]
-                                    <option value="[% bbag.id %]" class="opac-auto-179-inner-option">[% bbag.name %]</option>
+                                    <option value="[% bbag.id %]" class="opac-auto-179-inner-option">[% bbag.name | html %]</option>
                                     [% END %]
                                 </optgroup>
                                 [% END %]
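Review bot: `bbag.id` on the changed option line is still interpolated into the `value` attribute raw while `bbag.name` in the same element now gets `| html`. If the bookbag id is always an integer this is harmless, but for consistency with the commit's intent `<option value="[% bbag.id | html %]" class="opac-auto-179-inner-option">[% bbag.name | html %]</option>` closes the gap at no cost should a non-numeric id ever reach this template. The enclosing select element starts before this hunk.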
@@ -53,8 +53,8 @@
                         <td class="opac-auto-097b" style="padding-left: 10px;">
                             <input type="checkbox" name="record" value="[% item %]" />
                         </td>
-                        <td class="opac-auto-097b" style="padding-left: 5px;">[% attrs.title %]</td>
-                        <td class="opac-auto-097b" style="padding-left: 5px;">[% attrs.author %]</td>
+                        <td class="opac-auto-097b" style="padding-left: 5px;">[% attrs.title | html %]</td>
+                        <td class="opac-auto-097b" style="padding-left: 5px;">[% attrs.author | html %]</td>
                     </tr>
                     [% END %]
                 </tbody>
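Review bot: The unchanged checkbox line `value="[% item %]"` two lines above the newly escaped title/author cells is left raw; `item` is presumably a record id, but since the title and author in the same row now go through `| html`, `<input type="checkbox" name="record" value="[% item | html %]" />` keeps the row consistent and removes the need to reason about where `item` comes from. The enclosing FOR loop starts before this hunk.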
index ad46d79..33469fe 100644 (file)
@@ -22,7 +22,7 @@
     <option value=''>[% none_label ? none_label : l('-- Any --') %]</option>
 [% END %]
 [% FOR o IN all_values %]
-    <option value='[% o.code %]'[% values.grep('^' _ o.code _ '$').size ? ' selected="selected"' : '' %]>[% o.value %]</option>
+    <option value='[% o.code | uri %]'[% values.grep('^' _ o.code _ '$').size ? ' selected="selected"' : '' %]>[% o.value | html %]</option>
 [%  END -%]
 </select>
 
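Review bot: The `uri` filter on the new `value='[% o.code | uri %]'` line is the wrong escaping for an HTML attribute and does not make it safe: it percent-encodes the code (a space or `/` becomes `%20`/`%2F`), so the browser submits a value the server will not match against `o.code`, and Template Toolkit's uri filter leaves `'` untouched (RFC 2396 unreserved set in older releases), which is the delimiter of this single-quoted attribute. TT's `html` filter escapes only `<`, `>`, `&` and `"`, so swapping filters alone would keep the single-quote gap open; use a double-quoted attribute with the html filter: `<option value="[% o.code | html %]"[% values.grep('^' _ o.code _ '$').size ? ' selected="selected"' : '' %]>[% o.value | html %]</option>`. The `grep` on the same line interpolates `o.code` into a regex unescaped, a pre-existing wart worth a `[% # o.code is used as a regex here %]` comment or a literal comparison.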
index 52500f0..1485679 100644 (file)
@@ -8,11 +8,11 @@
             selected = 'selected="selected"';
         END;
 %]
-        <option value='[% walker.id %]' [% selected %] [% disabled %]>
+        <option value='[% walker.id | uri %]' [% selected %] [% disabled %]>
             [%
                 pad = walker.ou_type.depth * 2;
                 FOR idx IN [0..pad]; '&nbsp;'; END;
-                walker.name;
+                walker.name | html;
             %]
         </option>
         [%  FOR child IN walker.children;
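Review bot: `value='[% walker.id | uri %]'` on the changed line percent-encodes the id and, because TT's uri filter leaves `'` unescaped (and its html filter escapes only `<`, `>`, `&`, `"`), neither filter protects a single-quoted attribute; prefer `<option value="[% walker.id | html %]" [% selected %] [% disabled %]>`. For an integer org-unit id this is cosmetic, but the same pattern is repeated across the selector templates in this commit and is worth fixing uniformly. The FOR loop over `walker.children` on the last line continues past the hunk.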
index 861a987..903cbb6 100644 (file)
@@ -15,7 +15,7 @@
             [% ELSIF ctx.hold_failed_event || ctx.hold_local_alert %]
         <div>
             <strong>[% l('Problem:') %]</strong>
-            <span title="[% ctx.hold_failed_event.textcode %]">
+            <span title="[% ctx.hold_failed_event.textcode | html %]">
                 <em>[%
                         fail_part_key = ctx.hold_failed_event.payload.fail_part;
                         event_key = ctx.hold_failed_event.textcode;
@@ -32,8 +32,7 @@
             </span>
 
             [% IF ctx.hold_copy_available %]<p>
-            [% l('Find a copy in the shelving location, "[_1]."',
-                ctx.hold_copy_available.location) %]
+            [%  l('Find a copy in the shelving location, "[_1]."', locname) | html %]
             </p>[% END %]
 
             [% IF ctx.could_override || ctx.hold_local_alert %]
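Review bot: The rewritten l() call on the `Find a copy in the shelving location` line now passes `locname`, but nothing in this hunk assigns it; the removed lines used `ctx.hold_copy_available.location`. Unless `locname` is set earlier in the template (outside this hunk), the `[_1]` placeholder renders empty. If a pre-computed name is intended, assign it explicitly next to its use, e.g. `[% locname = ctx.hold_copy_available.location %]`, or pass the original expression back in; the trailing `| html` already escapes the whole rendered string either way.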
@@ -45,7 +44,7 @@
             <form method="POST">
                 <input type="hidden" type="name" name="override" value="1" />
                 [% FOR k IN ctx.orig_params.keys %]
-                <input type="hidden" name="[% k %]" value="[% ctx.orig_params.$k | html %]" />
+                <input type="hidden" name="[% k %]" value="[% ctx.orig_params.$k | uri %]" />
                 [% END %]
                 <input type="image" name="submit" value="submit" title="[% l('Submit') %]"
                     alt="[% l('Submit') %]" src="[% ctx.media_prefix %]/images/btnSubmit.png" />
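Review bot: Switching the hidden override inputs from `| html` to `| uri` is a regression: the value sits in an HTML attribute, not a URL, so the browser form-encodes the already percent-encoded string and the server receives `%2520`-style values instead of the original parameters when the form is re-posted. Keep `<input type="hidden" name="[% k | html %]" value="[% ctx.orig_params.$k | html %]" />`. The key is currently written raw into `name="[% k %]"`; if `orig_params` mirrors the incoming request parameters, as the name suggests, attacker-chosen parameter names land in the attribute unescaped. Separately, the context line `<input type="hidden" type="name" name="override" value="1" />` carries a duplicated `type` attribute that looks like a typo.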
                 <label for="hold_usr_is_requestor_not">
                     [% l("Place hold for patron by barcode:") %]
                 </label>
-                <input type="text" name="hold_usr" id="hold_usr_input" value="[% ctx.patron_recipient.card.barcode %]" /><br />[%# XXX multi-barcode users? %]
+                <input type="text" name="hold_usr" id="hold_usr_input" value="[% ctx.patron_recipient.card.barcode | html %]" /><br />[%# XXX multi-barcode users? %]
                 <span>
                     <input type="radio" id="hold_usr_is_requestor"
                         onchange="staff_hold_usr_input_disabler(this);"
                         name="hold_usr_is_requestor" value="1" />
                     <label for="hold_usr_is_requestor">
-                        [% l("Place this hold for me ([_1] [_2])",
-                        ctx.user.first_given_name, ctx.user.family_name) %]
+                        [% l("Place this hold for me ([_1] [_2])", ctx.user.first_given_name, ctx.user.family_name) | html %]
                     </label>
                 </span>
             </p>
             [% END %]
             <p>
-                [% | l(attrs.title, ctx.get_aou(ctx.default_pickup_lib).name) %]
+                [%  title = attrs.title | html; libname = ctx.get_aou(ctx.default_pickup_lib).name | html %]
+                [% | l(title, libname) %]
                 You would like to place a hold on <strong><q>[_1]</q></strong>.<br />
                 If this is correct, confirm your pickup location and click <strong>SUBMIT</strong>.
                 [% END %]
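Review bot: Confirm that `[% title = attrs.title | html; libname = ... | html %]` actually filters the assigned values: in Template Toolkit a filter written after an assignment is commonly parsed as applying to the directive's (empty) output rather than to the right-hand side, which would leave `title` and `libname` unescaped inside the `<strong><q>[_1]</q></strong>` markup. An unambiguous form is `[% title = BLOCK %][% attrs.title | html %][% END %]` and the same for `libname`. Pre-escaping the arguments rather than the whole l() block is the right shape here, since the localized string intentionally carries markup. The enclosing `<p>` starts before the visible lines of this hunk.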
index f79de8a..4b91a47 100644 (file)
@@ -9,8 +9,8 @@
 <select name="qtype">
     [%  query_type = query_type || CGI.param('qtype');
         FOR qt IN query_types -%]
-    <option value='[% qt.value %]'[%
+    <option value='[% qt.value | uri %]'[%
         query_type == qt.value ? ' selected="selected"' : ''
-    %]>[% qt.label %]</option>
+    %]>[% qt.label | html %]</option>
     [% END -%]
 </select>
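Review bot: `value='[% qt.value | uri %]'` applies URI percent-encoding inside a single-quoted HTML attribute: the encoded value is what gets submitted, while `query_type == qt.value` on the following line still compares against the raw value, so a query type containing anything outside the unreserved set would never render as selected; and `'` itself is not escaped by TT's uri filter (nor by its html filter). Use `<option value="[% qt.value | html %]"[%` with the html filter and a double-quoted attribute. If `query_types` is static configuration the practical risk is low, but the filter is still wrong for this context.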
index 5c01e7e..5aaa7b8 100644 (file)
@@ -22,7 +22,7 @@
                         </td>
                         <td id="dash_corner_mid1a">
                             <span id="dash_user">
-                                [%  l('[_1] [_2]', ctx.user.first_given_name, ctx.user.family_name) %]
+                                [%  l('[_1] [_2]', ctx.user.first_given_name, ctx.user.family_name) | html %]
                             </span>
                         </td>
                         <td id="dash_corner_mid1b">
index 5c0a620..a49b2ec 100644 (file)
@@ -7,10 +7,12 @@
     IF is_advanced || is_special;
         ctx.page_title = l("Search Results");
     ELSE;
-        ctx.page_title = l("Search Results: ") _ CGI.param('query') | html_entity;
+        ctx.page_title = l("Search Results: ") _ CGI.param('query') | html;
     END;
 
-    page = CGI.param('page') || 0;
+    page = CGI.param('page');
+    page = page.match('^\d+$') ? page : 0; # verify page is a sane value
+
     page_count = ctx.page_size == 0 ? 1 : POSIX.ceil(ctx.hit_count / ctx.page_size);
 %]
     <form action="[% ctx.opac_root %]/results" method="GET">
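Review bot: The new `page.match('^\d+$')` check accepts digits of any length, so `page=99999999999` passes and, if `page` later drives an offset or a multiplication by `ctx.page_size` (not visible here), it does so with an absurd number; since `page_count` is computed on the very next line, clamp after it, e.g. `page = page > page_count ? page_count : page;` (or to `page_count - 1` if paging is zero-based — confirm against the paging code). Under Perl `\d` can also match non-ASCII digits once the input is decoded, so `'^[0-9]+$'` is the tighter class. The changed `ctx.page_title = ... | html` line has the same assignment-plus-filter ambiguity seen elsewhere in this commit: confirm the filter applies to the value rather than to the directive's empty output, for instance via `[% ctx.page_title = BLOCK %][% l("Search Results: ") _ CGI.param('query') | html %][% END %]`.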
@@ -44,7 +46,7 @@
                 [% END %]
                 <div class="results_header_div"></div>
                 [% UNLESS is_advanced || is_special %]
-                    <div class="results_header_lbl">Sort by</div>
+                    <div class="results_header_lbl">[% l('Sort by') %]</div>
                     [% INCLUDE "default/opac/parts/filtersort.tt2" value=CGI.param('sort') %]
                     <div class="results_header_div"></div>