Test plan:
0/ sudo cpanm Template::Stash::AutoEscaping
1/ Verify that you can no longer reproduce the XSS issue described on bug 13609 and other
XSS-related bugs.
2/ Try to find some encoding issues (detail page, search results,
facets, etc.)
Signed-off-by: Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
'required' => '0',
'min_ver' => '0.03',
},
+ 'Template::Stash::AutoEscaping' => {
+ 'usage' => 'Code',
+ 'required' => '1',
+ 'min_ver' => '0.0303',
+ },
};
1;
use Carp;
use CGI qw ( -utf8 );
use List::MoreUtils qw/ any uniq /;
+use Template::Stash::AutoEscaping;
# Copyright 2009 Chris Cormack and The Koha Dev Team
#
COMPILE_DIR => $use_template_cache ? C4::Context->config('template_cache_dir') : '',
INCLUDE_PATH => \@includes,
FILTERS => {},
+ STASH => Template::Stash::AutoEscaping->new,
ENCODING => 'UTF-8',
}
) or die Template->error();
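Review bot: The `STASH => Template::Stash::AutoEscaping->new` line applies one HTML escaping to every template variable, which is not the right encoding for values that templates emit inside `<script>` blocks, inline event handlers or URL attributes, so those output contexts still need explicit JavaScript or URI encoding and this option should not be read as closing every XSS path. Templates that already pass a variable through an explicit `html` filter may now double-encode it, which is worth checking under step 2 of the test plan. I would add a comment above the line, e.g. `# HTML-escapes all stash values on output; JS and URL contexts still need their own encoding`. The constructor call this option belongs to starts outside the hunk.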
[% USE Koha %]
[% PROCESS 'opac-authorities.inc' %]
[% PROCESS 'authorities-search-results.inc' %]
-[% pagination = BLOCK %]
+[% BLOCK pagination %]
<div class="pagination">
<ul>
[% IF ( displayprev ) %]
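Review bot: The switch from `[% pagination = BLOCK %]` to a named `[% BLOCK pagination %]` has no comment saying why, and the reason is not obvious from the template: presumably markup captured into a variable would be entity-encoded by the new auto-escaping stash when it is printed. A short note such as `[%# named BLOCK rather than a captured variable, so the markup is not auto-escaped %]` would stop someone reverting to the capture idiom. The call sites in the next two hunks use `[% PROCESS pagination %]`, which renders the block at each call in the caller's variable scope instead of once at definition; `[% INCLUDE pagination %]` would at least keep variables set inside the block from leaking. Any other template that still captures markup with `name = BLOCK` would need the same conversion, and the block body continues past this hunk.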
<div id="userauthsearchresults" class="maincontent">
<h1>Authority search results</h1>
- [% pagination %]
+ [% PROCESS pagination %]
<div id="results">
[% IF ( total ) %]
</table>
</div> <!-- / .searchresults -->
- [% pagination %]
+ [% PROCESS pagination %]
[% END # / IF total %]
</div> <!-- / #userauthsearchresults -->