Bug 19086: Fix Stored XSS in members/member.pl
diff --git
a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt
b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt
index
0ee110b
..
73598d8
100644
(file)
--- a/
koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt
+++ b/
koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt
@@
-37,7
+37,6
@@
$(document).ready(function() {
}
});
}
});
- $("#patron_list_dialog").hide();
$("#add_to_patron_list_submit").on('click', function(e){
if ( $('#add_to_patron_list').val() == 'new' ) {
if ( $('#new_patron_list').val() ) {
$("#add_to_patron_list_submit").on('click', function(e){
if ( $('#add_to_patron_list').val() == 'new' ) {
if ( $('#new_patron_list').val() ) {
@@
-109,13
+108,14
@@
$(document).ready(function() {
e.preventDefault();
clearFilters(true);
});
e.preventDefault();
clearFilters(true);
});
+ $("#searchform").on("submit", filter);
});
var dtMemberResults;
var search = 1;
$(document).ready(function() {
[% IF searchmember %]
});
var dtMemberResults;
var search = 1;
$(document).ready(function() {
[% IF searchmember %]
- $("#searchmember_filter").val("[% searchmember %]");
+ $("#searchmember_filter").val("[% searchmember
| html
%]");
[% END %]
[% IF searchfieldstype %]
$("searchfieldstype_filter").val("[% searchfieldstype %]");
[% END %]
[% IF searchfieldstype %]
$("searchfieldstype_filter").val("[% searchfieldstype %]");
@@
-131,8
+131,9
@@
$(document).ready(function() {
[% END %]
[% IF view != "show_results" %]
[% END %]
[% IF view != "show_results" %]
- $("#searchresults").hide();
search = 0;
search = 0;
+ [% ELSE %]
+ $("#searchresults").show();
[% END %]
// Build the aLengthMenu
[% END %]
// Build the aLengthMenu
@@
-161,6
+162,10
@@
$(document).ready(function() {
// Apply DataTables on the results table
var columns_settings = [% ColumnsSettings.GetColumns( 'members', 'member', 'memberresultst', 'json' ) %];
// Apply DataTables on the results table
var columns_settings = [% ColumnsSettings.GetColumns( 'members', 'member', 'memberresultst', 'json' ) %];
+ [% UNLESS CAN_user_tools_manage_patron_lists %]
+ [%# Remove the first column if we do not display the checkbox %]
+ columns_settings.splice(0, 1);
+ [% END %]
dtMemberResults = KohaTable("#memberresultst", {
'bServerSide': true,
'sAjaxSource': "/cgi-bin/koha/svc/members/search",
dtMemberResults = KohaTable("#memberresultst", {
'bServerSide': true,
'sAjaxSource': "/cgi-bin/koha/svc/members/search",
@@
-346,13
+351,13
@@
function filterByFirstLetterSurname(letter) {
[% IF ( CAN_user_borrowers && pending_borrower_modifications ) %]
<div class="pending-info" id="patron_updates_pending">
<a href="/cgi-bin/koha/members/members-update.pl">Patrons requesting modifications</a>:
[% IF ( CAN_user_borrowers && pending_borrower_modifications ) %]
<div class="pending-info" id="patron_updates_pending">
<a href="/cgi-bin/koha/members/members-update.pl">Patrons requesting modifications</a>:
- <span class="
holdcount
"><a href="/cgi-bin/koha/members/members-update.pl">[% pending_borrower_modifications %]</a></span>
+ <span class="
number_box
"><a href="/cgi-bin/koha/members/members-update.pl">[% pending_borrower_modifications %]</a></span>
</div>
[% END %]
<div id="searchresults">
<div id="searchheader">
</div>
[% END %]
<div id="searchresults">
<div id="searchheader">
- <h3>Patrons found for: <span id="searchpattern">[% IF searchmember %] for '[% searchmember %]'[% END %]</span></h3>
+ <h3>Patrons found for: <span id="searchpattern">[% IF searchmember %] for '[% searchmember
| html
%]'[% END %]</span></h3>
</div>
[% IF CAN_user_tools_manage_patron_lists %]
<div id="searchheader">
</div>
[% IF CAN_user_tools_manage_patron_lists %]
<div id="searchheader">
@@
-409,7
+414,7
@@
function filterByFirstLetterSurname(letter) {
</div>
</div>
<div class="yui-b">
</div>
</div>
<div class="yui-b">
- <form
onsubmit="return filter();
" id="searchform">
+ <form
method="get
" id="searchform">
<input type="hidden" id="firstletter_filter" value="" />
<fieldset class="brief">
<h3>Filters</h3>
<input type="hidden" id="firstletter_filter" value="" />
<fieldset class="brief">
<h3>Filters</h3>
@@
-506,13
+511,7
@@
function filterByFirstLetterSurname(letter) {
[% IF branches.size != 1 %]
<option value="">Any</option>
[% END %]
[% IF branches.size != 1 %]
<option value="">Any</option>
[% END %]
- [% FOREACH b IN branches %]
- [% IF b.selected %]
- <option selected="selected" value="[% b.branchcode %]">[% b.branchname %]</option>
- [% ELSE %]
- <option value="[% b.branchcode %]">[% b.branchname %]</option>
- [% END %]
- [% END %]
+ [% PROCESS options_for_libraries libraries => branches %]
</select>
</li>
</ol>
</select>
</li>
</ol>
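Review bot: In the second hunk (`-109,13 +108,14`), the unchanged line right after the fixed one still writes `searchfieldstype` into a JavaScript string with no filter, so the injection path this commit closes for `searchmember` appears to remain open there if that value is taken from the request. The same treatment would close it: `$("#searchfieldstype_filter").val("[% searchfieldstype | html %]");`. The added `#` is a separate fix, because the selector as written is a tag selector and is unlikely to match the filter field at all. Note also that `| html` escapes for HTML markup, not for a JavaScript string literal: it leaves backslashes and line breaks untouched and will make the field show entity-encoded text such as `&amp;`, so emitting the value in the input's `value` attribute (or through a JavaScript-string escaper) would be the more robust fix. The enclosing `$(document).ready` callback starts and ends outside the hunk.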