-[% cnoffset = CGI.param('cnoffset') || 0; %]
+[%
+ cnoffset = CGI.param('cnoffset');
+ cnoffset = cnoffset.match('^\d+$') ? cnoffset : 0; # verify cnoffset is a sane value
+%]
<div id='cn_browse' class='cn_browser'>
<div id='cn_browse_div'>
<div class='color_4'>
<span>[% l("You are now browsing") %]</span>
- <strong>[% ctx.browsing_ou.name %]</strong>
+ <strong>[% ctx.browsing_ou.name | html %]</strong>
</div>
<table class='data_grid bookshelf' width='100%'>
<thead>
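Review bot: The pattern in the new `cnoffset.match('^\d+$')` line still accepts a value that ends in a newline, because `$` in a Perl regex also matches just before a trailing newline. Anchoring with `\z` closes that gap: `cnoffset = cnoffset.match('^\d+\z') ? cnoffset : 0;`. How `cnoffset` is consumed is outside this hunk, so the practical impact is unconfirmed.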
IF ident %]
<a href="[% mkurl(ctx.opac_root _ '/record/' _ cn.record.id, {}, 1) %]"><img height='60' width='50'
class='cn_browse_info' name='cn_browse_pic' border='0'
- src="[% ctx.media_prefix %]/opac/extras/ac/jacket/small/[% ident %]" /></a>
+ src="[% ctx.media_prefix %]/opac/extras/ac/jacket/small/[% ident | uri %]" /></a>
[% END %]
- <div class='cn_browse_info bold' name='cn_browse_cn'>[% cn.label %]</div>
+ <div class='cn_browse_info bold' name='cn_browse_cn'>[% cn.label | html %]</div>
<div class='cn_browse_info'>
<a name='cn_browse_title' class='classic_link'
- href="[% mkurl(ctx.opac_root _ '/record/' _ cn.record.id, {}, 1) %]">[% rec_attrs.title %]</a>
+ href="[% mkurl(ctx.opac_root _ '/record/' _ cn.record.id, {}, 1) %]">[% rec_attrs.title | html %]</a>
</div>
[% IF rec_attrs.author %]<div class='cn_browse_info'>
<a name='cn_browse_author' class='classic_link'
href="[%-
authorquery = rec_attrs.author | replace('[,\.:;]', '');
mkurl(ctx.opac_root _ '/results', {qtype => 'author', query => authorquery}, 1)
- -%]">[% rec_attrs.author | html_entity %]</a>
+ -%]">[% rec_attrs.author | html %]</a>
</div>[% END %]
- <div class='cn_browse_info' name='cn_browse_lib'>[% cn.owning_lib.name %]</div>
+ <div class='cn_browse_info' name='cn_browse_lib'>[% cn.owning_lib.name | html %]</div>
</td>
[% IF loop.index % 3 == 2; tr_open = 0 %]
</tr>
[% PROCESS "default/opac/parts/misc_util.tt2";
USE ResolverResolver;
- ctx.page_title = attrs.title | html_entity
+ ctx.page_title = attrs.title | html
%]
<!-- ****************** rdetail_summary.xml ***************************** -->
<abbr class="unapi-id" title='tag:[% ctx.hostname %],[% date.format(date.now, '%Y') %]:biblio-record_entry/[% ctx.bre_id %]'></abbr>
<tr>
<td width="90" valign="top" id="rdetail_image_cell">
[% ident = attrs.isbn_clean || attrs.upc; IF ident; %]
- <a id='rdetail_img_link' href='[% ctx.media_prefix %]/opac/extras/ac/jacket/large/[% ident %]'><img
+ <a id='rdetail_img_link' href='[% ctx.media_prefix %]/opac/extras/ac/jacket/large/[% ident | uri %]'><img
alt="[% l('Image of item') %]" id='rdetail_image'
- src='[% ctx.media_prefix %]/opac/extras/ac/jacket/medium/[% ident %]' /></a>
+ src='[% ctx.media_prefix %]/opac/extras/ac/jacket/medium/[% ident | uri %]' /></a>
[% END %]
<br />
</td>
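Review bot: The new `href='…/jacket/large/[% ident | uri %]'` and `src='…/jacket/medium/[% ident | uri %]'` lines put the value in single-quoted attributes, and `uri` is not an HTML-attribute escaper. Older Template Toolkit releases (before 2.26, if I recall the changelog correctly) leave `'` unescaped in `uri`, so an identifier containing a quote could close the attribute. `ident` comes from `attrs.isbn_clean || attrs.upc`, i.e. record data. Adding `| html` would not help, because that filter does not escape `'` either, so the safer change is to double-quote these two attributes.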
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td valign="top">
- <span id='rdetail_title'>[% attrs.title_extended | html_entity %]</span><br />
+ <span id='rdetail_title'>[% attrs.title_extended | html %]</span><br />
[% IF attrs.author %]
<span class='opac-auto-030'>[% l("Author") %]:</span>
<em><a title='[% l("Perform an author search") %]'
href="[%-
authorquery = attrs.author | replace('[,\.:;]', '');
mkurl(ctx.opac_root _ '/results', {qtype => 'author', query => authorquery})
- -%]">[% attrs.author | html_entity %]</a></em>
+ -%]">[% attrs.author | html %]</a></em>
[% END %]
</td>
<td align="right" valign="top" nowrap="nowrap" style="white-space:nowrap;">
</div>
<div style="float:right;margin-right:17px;">
[% IF attrs.format_icon %]
- <img alt="[% attrs.format_label %]" title="[% attrs.format_label %]" src="[% attrs.format_icon %]" />
+ <img alt="[% attrs.format_label %]" title="[% attrs.format_label | html %]" src="[% attrs.format_icon %]" />
[% END %]
</div>
</div>
[% IF attrs.isbns.0 %]<strong id="rdetail_isbn_lbl">[% l("ISBN") %]</strong>[% END %]
</td>
<td valign="top" id='rdetail_isbn'>
- [% FOR isbn IN attrs.isbns %][% IF !loop.first; %]<br/>[% END; isbn; END %]
+ [% FOR isbn IN attrs.isbns %][% IF !loop.first; %]<br/>[% END; isbn | html ; END %]
</td>
<td nowrap='nowrap' valign="top">
[% IF attrs.phys_desc %]<strong id="rdetail_phys_lbl">[% l("Physical Description") %]</strong>[% END %]
</td>
- <td valign="top" id='rdetail_physical_desc'>[% attrs.phys_desc %]</td>
+ <td valign="top" id='rdetail_physical_desc'>[% attrs.phys_desc | html %]</td>
</tr>
[% IF openurl.enabled == 'true';
FOR issn IN args.issns;
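Review bot: On the new `<img>` line only `title` gained `| html`, while `alt="[% attrs.format_label %]"` prints the same value unescaped two attributes earlier. The gap this commit closes for `title` therefore stays open for `alt`; suggest `alt="[% attrs.format_label | html %]"`. `src="[% attrs.format_icon %]"` is also emitted raw, and its origin is not visible here, so it should get `| html` too if it can carry record or configuration data.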
<td nowrap='nowrap' valign="top">
<strong>[% IF attrs.marc_cn; l("Call Number"); END %]</strong>
</td>
- <td valign="top">[% attrs.marc_cn %]</td>
+ <td valign="top">[% attrs.marc_cn | html %]</td>
<td nowrap='nowrap' valign="top">
<strong id="rdetail_ed_lbl">[% IF attrs.edition; l("Edition"); END %]</strong>
</td>
- <td valign="top" id='rdetail_edition'>[% attrs.edition %]</td>
+ <td valign="top" id='rdetail_edition'>[% attrs.edition | html %]</td>
</tr>
<tr>
<td nowrap='nowrap' valign="top">
<strong id="rdetail_pub_lbl">[% IF attrs.publisher; l("Publisher"); END %]</strong>
</td>
- <td valign="top" id='rdetail_publisher'>[% attrs.publisher %]</td>
+ <td valign="top" id='rdetail_publisher'>[% attrs.publisher | html %]</td>
<td nowrap='nowrap' valign="top">
<strong id="rdetail_pubdate_lbl">[% IF attrs.pubdate; l("Publication Date"); END %]</strong>
</td>
- <td valign="top" id='rdetail_pubdate'>[% attrs.pubdate %]</td>
+ <td valign="top" id='rdetail_pubdate'>[% attrs.pubdate | html %]</td>
</tr>
</table>
<a href="http://www.kcls.org/[% dir %]/"
class="classic_link">[% org_name %]</a>
</td>
- <td>[% copy_info.call_number_label %]</td>
- <td>[% copy_info.barcode %]</td>
- <td>[% copy_info.copy_location %]</td>
+ <td>[% copy_info.call_number_label | html %]</td>
+ <td>[% copy_info.barcode | html %]</td>
+ <td>[% copy_info.copy_location | html %]</td>
[% IF ctx.is_staff %]
<td>
[% copy_info.age_protect ?
- ctx.get_crahp(copy_info.age_protect).name : l('None') %]
+ ctx.get_crahp(copy_info.age_protect).name html : l('None') | html %]
</td>
<td>[% date.format(
ctx.parse_datetime(copy_info.create_date),
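Review bot: The new age-protection line reads `ctx.get_crahp(copy_info.age_protect).name html : l('None') | html %]`, where the bare `html` after `.name` has no `|` and will most likely make the template fail to parse. A pipe filter applies to the whole directive's output, so the single trailing filter is enough: `ctx.get_crahp(copy_info.age_protect).name : l('None') | html %]`. The branch sits under `IF ctx.is_staff`, so a check of the public page alone would not exercise it. Separately, the context line `class="classic_link">[% org_name %]</a>` at the top of this hunk still prints `org_name` without `| html`.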
l("No");
END %]</td>
[% END %]
- <td>[% copy_info.copy_status %]</td>
+ <td>[% copy_info.copy_status | html %]</td>
<td>[%
IF copy_info.due_date;
date.format(