Bug 10857: (follow-up) encode 'limit' parameter values

to allow facets with '&' character.

Signed-off-by: sonia bouis <sonia.bouis@univ-lyon3.fr>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>

diff --git a/C4/Search.pm b/C4/Search.pm
index b34f152..748bb1c 100644 (file)
--- a/C4/Search.pm
+++ b/C4/Search.pm
@@ -1557,7 +1557,7 @@ sub buildQuery {
             $group_OR_limits{$k} .= " or " if $group_OR_limits{$k};
             $limit_desc      .= " or " if $group_OR_limits{$k};
             $group_OR_limits{$k} .= "$this_limit";
-            $limit_cgi       .= "&limit=$this_limit";
+            $limit_cgi       .= "&limit=" . uri_escape($this_limit);
             $limit_desc      .= " $this_limit";
         }
 
@@ -1565,7 +1565,7 @@ sub buildQuery {
         else {
             $limit .= " and " if $limit || $query;
             $limit      .= "$this_limit";
-            $limit_cgi  .= "&limit=$this_limit";
+            $limit_cgi  .= "&limit=" . uri_escape($this_limit);
             if ($this_limit =~ /^branch:(.+)/) {
                 my $branchcode = $1;
                 my $branchname = GetBranchName($branchcode);

diff --git a/catalogue/search.pl b/catalogue/search.pl
index 5ad44d5..3d4efee 100755 (executable)
--- a/catalogue/search.pl
+++ b/catalogue/search.pl
@@ -154,6 +154,8 @@ use String::Random;
 use C4::Branch; # GetBranches
 use C4::Search::History;
 
+use URI::Escape;
+
 my $DisplayMultiPlaceHold = C4::Context->preference("DisplayMultiPlaceHold");
 # create a new CGI object
 # FIXME: no_undef_params needs to be tested
@@ -515,7 +517,7 @@ for my $this_cgi ( split('&',$limit_cgi) ) {
     my $input_name = $1;
     my $input_value = $2;
     $input_name =~ s/=$//;
-    push @limit_inputs, { input_name => $input_name, input_value => $input_value };
+    push @limit_inputs, { input_name => $input_name, input_value => uri_unescape($input_value) };
 }
 $template->param ( LIMIT_INPUTS => \@limit_inputs );
 

diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/facets.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/facets.inc
index e105e32..97891eb 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/facets.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/facets.inc
@@ -29,13 +29,14 @@
       [% IF ( sort_by ) %]
         [% SET url = url _ "&sort_by=" _ sort_by %]
       [% END %]
+      [% facet.facet_link_value = BLOCK %][% facet.facet_link_value | uri %][% END %]
       [% IF facet.active %]
         [% SET url = url _ "&nolimit=" _ facet.type_link_value _ ":" _ facet.facet_link_value %]
         <span class="facet-label">[% facet.facet_label_value %]</span>
-        [<a href="[% url |url %]" title="Remove facet [% facet.facet_link_value | html %]">x</a>]
+        [<a href="[% url %]" title="Remove facet [% facet.facet_title_value | html %]">x</a>]
       [% ELSE %]
         [% SET url = url _ "&amp;limit=" _ facet.type_link_value _ ":" _ facet.facet_link_value %]
-        <span class="facet-label"><a href="[% url | url %]" title="[% facet.facet_title_value |html %]">[% facet.facet_label_value %]</a></span>
+        <span class="facet-label"><a href="[% url %]" title="[% facet.facet_title_value |html %]">[% facet.facet_label_value %]</a></span>
         [% IF ( displayFacetCount ) %]
           <span class="facet-count"> ([% facet.facet_count %])</span>
         [% END %]

diff --git a/koha-tmpl/opac-tmpl/prog/en/includes/opac-facets.inc b/koha-tmpl/opac-tmpl/prog/en/includes/opac-facets.inc
index 1457e14..8354ec1 100644 (file)
--- a/koha-tmpl/opac-tmpl/prog/en/includes/opac-facets.inc
+++ b/koha-tmpl/opac-tmpl/prog/en/includes/opac-facets.inc
@@ -30,13 +30,14 @@
       [% IF ( sort_by ) %]
         [% SET url = url _ "&sort_by=" _ sort_by |html %]
       [% END %]
+      [% facet.facet_link_value = BLOCK %][% facet.facet_link_value | uri %][% END %]
       [% IF facet.active %]
         [% SET url = url _ "&nolimit=" _ facet.type_link_value _ ":" _ facet.facet_link_value %]
         <span class="facet-label">[% facet.facet_label_value %]</span>
-        [<a href="[% url |url %]" title="Remove facet [% facet.facet_link_value | html %]">x</a>]
+        [<a href="[% url %]" title="Remove facet [% facet.facet_link_value | html %]">x</a>]
       [% ELSE %]
         [% SET url = url _ "&amp;limit=" _ facet.type_link_value _ ":" _ facet.facet_link_value %]
-        <span class="facet-label"><a href="[% url | url %]" title="[% facet.facet_title_value |html %]">[% facet.facet_label_value %]</a></span>
+        <span class="facet-label"><a href="[% url %]" title="[% facet.facet_title_value |html %]">[% facet.facet_label_value %]</a></span>
         [% IF ( displayFacetCount ) %]
           <span class="facet-count"> ([% facet.facet_count %])</span>
         [% END %]

diff --git a/opac/opac-search.pl b/opac/opac-search.pl
index 2fe5303..5a8ccf2 100755 (executable)
--- a/opac/opac-search.pl
+++ b/opac/opac-search.pl
@@ -459,7 +459,7 @@ sub _input_cgi_parse {
     for my $this_cgi ( split('&',shift) ) {
         next unless $this_cgi;
         $this_cgi =~ /(.*?)=(.*)/;
-        push @elements, { input_name => $1, input_value => $2 };
+        push @elements, { input_name => $1, input_value => uri_unescape($2) };
     }
     return @elements;
 }