From be000d2c73e34e5e562621074396fe05275a7b22 Mon Sep 17 00:00:00 2001 From: Jason Boyer Date: Mon, 8 Feb 2021 14:20:32 -0500 Subject: [PATCH] LP1914116: Apply html filter to mkurl() output Because of the way that mkurl() generates its query parameters they're generally escaped correctly, but nowhere do we run the output of mkurl() through the html filter to correctly handle ampersands. Rather than adding "|html" to every invocation of mkurl, it's just added to the macro directly. Signed-off-by: Jason Boyer Signed-off-by: Garry Collum --- Open-ILS/src/templates-bootstrap/opac/parts/header.tt2 | 6 +++--- Open-ILS/src/templates/opac/parts/header.tt2 | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Open-ILS/src/templates-bootstrap/opac/parts/header.tt2 b/Open-ILS/src/templates-bootstrap/opac/parts/header.tt2 index f54b472241..88c39b14d6 100755 --- a/Open-ILS/src/templates-bootstrap/opac/parts/header.tt2 +++ b/Open-ILS/src/templates-bootstrap/opac/parts/header.tt2 @@ -102,13 +102,13 @@ IF page; IF cgi.query_string; - page _ '?' _ cgi.query_string _ final; + page _ '?' _ cgi.query_string _ final | html; ELSE; - page _ final; + page _ final | html; END; ELSE; # staying on the current page - cgi.url("-absolute" => 1, "-path" => 1, "-query" => 1) _ final; + cgi.url("-absolute" => 1, "-path" => 1, "-query" => 1) _ final | html; END; END; diff --git a/Open-ILS/src/templates/opac/parts/header.tt2 b/Open-ILS/src/templates/opac/parts/header.tt2 index 2bf7bb0e3c..0b404e073e 100644 --- a/Open-ILS/src/templates/opac/parts/header.tt2 +++ b/Open-ILS/src/templates/opac/parts/header.tt2 @@ -102,13 +102,13 @@ IF page; IF cgi.query_string; - page _ '?' _ cgi.query_string _ final; + page _ '?' _ cgi.query_string _ final | html; ELSE; - page _ final; + page _ final | html; END; ELSE; # staying on the current page - cgi.url("-absolute" => 1, "-path" => 1, "-query" => 1) _ final; + cgi.url("-absolute" => 1, "-path" => 1, "-query" => 1) _ final | html; END; END; -- 2.11.0