From 8c34944ebcf2142324358539b4b719de4f4788da Mon Sep 17 00:00:00 2001 From: miker Date: Mon, 12 Apr 2010 15:07:26 +0000 Subject: [PATCH] Backporting r16204: Patch from Galen Charlton. This patch adds additional calls to escape_xml to handle cases where patron or library data could contain ampersand or other characters that need to be converted to entities. Issue discovered by Bibliomation; patch includes contributions by Ben Ostrowsky. git-svn-id: svn://svn.open-ils.org/ILS/branches/rel_1_6@16205 dcc99617-32d9-48b4-a31d-7c20da2025e4 --- Open-ILS/examples/templates/overdue_combined_xml.example | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Open-ILS/examples/templates/overdue_combined_xml.example b/Open-ILS/examples/templates/overdue_combined_xml.example index 3388137b6f..aaf861bded 100644 --- a/Open-ILS/examples/templates/overdue_combined_xml.example +++ b/Open-ILS/examples/templates/overdue_combined_xml.example @@ -15,26 +15,26 @@ [%- IF !user_addr or user_addr.valid == 'f'; NEXT; END; %] - [% user.card.barcode %] - [% user.first_given_name %] - [% user.family_name %] + [% escape_xml(user.card.barcode) %] + [% escape_xml(user.first_given_name) %] + [% escape_xml(user.family_name) %] [% escape_xml(user_addr.street1) %] [% escape_xml(user_addr.street2) %] [% escape_xml(user_addr.city) %] - [% user_addr.state %] - [% user_addr.post_code %] + [% escape_xml(user_addr.state) %] + [% escape_xml(user_addr.post_code) %] [% escape_xml(user.email) %] [% user.id %] [% escape_xml(lib.name) %] [% escape_xml(lib.shortname) %] - [% lib.phone %] + [% escape_xml(lib.phone) %] [% escape_xml(lib_addr.street1) %] [% escape_xml(lib_addr.street2) %] [% escape_xml(lib_addr.city) %] - [% lib_addr.state %] - [% lib_addr.post_code %] + [% escape_xml(lib_addr.state) %] + [% escape_xml(lib_addr.post_code) %] [% escape_xml(lib.email) %] [% lib.id %] -- 2.11.0