Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
// Display card number in parentheses if it exists
cardnumber = " (" + item.cardnumber + ") ";
}
// Display card number in parentheses if it exists
cardnumber = " (" + item.cardnumber + ") ";
}
- var itemString = "<a href=\"" + item.link + "\">" + item.surname + ", " + item.firstname + cardnumber + " <small>";
+ var itemString = "<a href=\"" + item.link + "\">" + ( item.surname ? item.surname.escapeHtml() : "" ) + ", " + ( item.firstname ? item.firstname.escapeHtml() : "" ) + cardnumber.escapeHtml() + " <small>";
- itemString += item.dateofbirth + "<span class=\"age_years\"> (" + item.age + " " + _("years") + ")</span>, ";
+ itemString += ( item.dateofbirth ? item.dateofbirth.escapeHtml() : "" )
+ + "<span class=\"age_years\"> (" + ( item.age ? item.age.escapeHtml() : "" ) + " " + _("years") + ")</span>, ";
- itemString += item.address + " " + item.city + " " + item.zipcode + " " + item.country + "</small></a>";
+ itemString += ( item.address ? item.address.escapeHtml() : "" ) + " "
+ + ( item.city ? item.city.escapeHtml() : "" ) + " "
+ + ( item.zipcode ? item.city.escapeHtml() : "" ) + " "
+ + ( item.country ? item.country.escapeHtml() : "" )
+ + "</small></a>";
return $( "<li></li>" )
.data( "ui-autocomplete-item", item )
.append( itemString )
return $( "<li></li>" )
.data( "ui-autocomplete-item", item )
.append( itemString )
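Review bot: The zipcode term in the new address line tests `item.zipcode` but emits `item.city.escapeHtml()`, so the city is printed twice and the postal code never appears; it should read `+ ( item.zipcode ? item.zipcode.escapeHtml() : "" ) + " "`, as the other renderers in this commit do. Separately, `item.age.escapeHtml()` would throw if the JSON delivers age as a number and escapeHtml is defined only on strings, and the truthiness test drops an age of 0. Assuming that is how the helper is defined, `String( item.age ).escapeHtml()` behind an explicit null check would cover both. The enclosing function starts and ends outside the hunk.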
}
return $( "<li></li>" )
.data( "ui-autocomplete-item", item )
}
return $( "<li></li>" )
.data( "ui-autocomplete-item", item )
- .append( "<a href=\"" + item.link + "\">" + item.surname + ", " + item.firstname + cardnumber + " <small>" + item.dateofbirth + " " + item.address + " " + item.city + " " + item.zipcode + " " + item.country + "</small></a>" )
+ .append(
+ "<a href=\"" + item.link + "\">" + ( item.surname ? item.surname.escapeHtml() : "" ) + ", "
+ + ( item.firstname ? item.firstname.escapeHtml() : "" )
+ + cardnumber.escapeHtml()
+ + " <small>"
+ + ( item.dateofbirth ? item.dateofbirth.escapeHtml() : "" ) + " "
+ + ( item.address ? item.address.escapeHtml() : "" ) + " "
+ + ( item.city ? item.city.escapeHtml() : "" ) + " "
+ + ( item.zipcode ? item.zipcode.escapeHtml() : "" ) + " "
+ + ( item.country ? item.country.escapeHtml() : "" )
+ + "</small>"
+ + "</a>" )
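Review bot: `item.link` is still concatenated raw into the double-quoted `href` here, and in the `itemString` line of the preceding hunk, while every other field of the same record is now escaped. If the link is always built server-side from a numeric id this is harmless, but that is not visible from the hunk. Escaping it too, `"<a href=\"" + ( item.link ? item.link.escapeHtml() : "" ) + "\">"`, stops a quote in the value from closing the attribute, provided escapeHtml encodes double quotes. The enclosing renderer starts outside the hunk.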
.data( "ui-autocomplete" )._renderItem = function( ul, item ) {
return $( "<li></li>" )
.data( "ui-autocomplete-item", item )
.data( "ui-autocomplete" )._renderItem = function( ul, item ) {
return $( "<li></li>" )
.data( "ui-autocomplete-item", item )
- .append( "<a>" + item.surname + ", " + item.firstname +
- " (" + item.cardnumber + ") <small>" + item.address +
- " " + item.city + " " + item.zipcode + " " +
- item.country + "</small></a>" )
+ .append(
+ "<a>"
+ + ( item.surname ? item.surname.escapeHtml() : "" )
+ + ", "
+ + ( item.firstname ? item.firstname.escapeHtml() : "" )
+ + " (" + ( item.cardnumber ? item.cardnumber.escapeHtml() : "" ) + ")"
+ + " "
+ + "<small>"
+ + ( item.address ? item.address.escapeHtml() : "" )
+ + " "
+ + ( item.city ? item.city.escapeHtml() : "" )
+ + " "
+ + ( item.zipcode ? item.zipcode.escapeHtml() : "" )
+ + " "
+ + ( item.country ? item.country.escapeHtml() : "" )
+ + "</small>"
+ + "</a>" )
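Review bot: The same escaped concatenation is pasted by hand into this `_renderItem` and into the `.append(` blocks of the next hunk and the last one, so each copy has to be audited field by field. A small shared helper such as `function escapeField( v ) { return v ? v.escapeHtml() : ""; }`, plus one function that builds the patron label, would leave a single place to check when a field is added or renamed. As written, a missing cardnumber also renders as empty parentheses `()`, where the first renderer in this commit omits them. The `_renderItem` assignment continues outside the hunk.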
.data( "ui-autocomplete" )._renderItem = function( ul, item ) {
return $( "<li></li>" )
.data( "ui-autocomplete-item", item )
.data( "ui-autocomplete" )._renderItem = function( ul, item ) {
return $( "<li></li>" )
.data( "ui-autocomplete-item", item )
- .append( "<a>" + item.surname + ", " + item.firstname + " (" + item.cardnumber + ") <small>" + item.address + " " + item.city + " " + item.zipcode + " " + item.country + "</small></a>" )
+ .append(
+ "<a>"
+ + ( item.surname ? item.surname.escapeHtml() : "" )
+ + ", "
+ + ( item.firstname ? item.firstname.escapeHtml() : "" )
+ + " (" + ( item.cardnumber ? item.cardnumber.escapeHtml() : "" ) + ")"
+ + " "
+ + "<small>"
+ + ( item.address ? item.address.escapeHtml() : "" )
+ + " "
+ + ( item.city ? item.city.escapeHtml() : "" )
+ + " "
+ + ( item.zipcode ? item.zipcode.escapeHtml() : "" )
+ + " "
+ + ( item.country ? item.country.escapeHtml() : "" )
+ + "</small>"
+ + "</a>" )
});
function AddInstructor( name, borrowernumber ) {
});
function AddInstructor( name, borrowernumber ) {
- div = "<div class='instructor_line' id='borrower_" + borrowernumber + "'>" + name + " ( <a href='#' class='removeInstructor'><i class='fa fa-trash'></i> " + _("Remove")+ " </a> ) <input type='hidden' name='instructors' value='" + borrowernumber + "' /></div>";
+ div = "<div class='instructor_line' id='borrower_" + borrowernumber + "'>" + ( name ? name.escapeHtml() : "" ) + " ( <a href='#' class='removeInstructor'><i class='fa fa-trash'></i> " + _("Remove")+ " </a> ) <input type='hidden' name='instructors' value='" + borrowernumber + "' /></div>";
$('#instructors').append( div );
$('#find_instructor').val('').focus();
$('#instructors').append( div );
$('#find_instructor').val('').focus();
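Review bot: `borrowernumber` is placed unescaped into the single-quoted `id` and `value` attributes on the new `div` line, while `name` beside it is now escaped. It is presumably a numeric id taken from the autocomplete result, but the hunk does not show the caller. Coercing it first, `var id = parseInt( borrowernumber, 10 );`, or setting both attributes with jQuery's `.attr()`, would make that assumption explicit. `div` is also assigned without `var`, so it becomes an implicit global. AddInstructor's body continues outside the hunk.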
.data( "ui-autocomplete" )._renderItem = function( ul, item ) {
return $( "<li></li>" )
.data( "ui-autocomplete-item", item )
.data( "ui-autocomplete" )._renderItem = function( ul, item ) {
return $( "<li></li>" )
.data( "ui-autocomplete-item", item )
- .append( "<a>" + item.surname + ", " + item.firstname +
- " (" + item.cardnumber + ") <small>" + item.address +
- " " + item.city + " " + item.zipcode + " " +
- item.country + "</small></a>" )
+ .append(
+ "<a>"
+ + ( item.surname ? item.surname.escapeHtml() : "" )
+ + ", "
+ + ( item.firstname ? item.firstname.escapeHtml() : "" )
+ + " (" + ( item.cardnumber ? item.cardnumber.escapeHtml() : "" ) + ")"
+ + " "
+ + "<small>"
+ + ( item.address ? item.address.escapeHtml() : "" )
+ + " "
+ + ( item.city ? item.city.escapeHtml() : "" )
+ + " "
+ + ( item.zipcode ? item.zipcode.escapeHtml() : "" )
+ + " "
+ + ( item.country ? item.country.escapeHtml() : "" )
+ + "</small>"
+ + "</a>" )
.appendTo( ul );
};
[% END %]
.appendTo( ul );
};
[% END %]