Bug 19034: (followup) Fix letters.tt XSS flaw

author Tomas Cohen Arazi <tomascohen@theke.io>

Mon, 7 Aug 2017 14:27:33 +0000 (11:27 -0300)

committer Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)
author Tomas Cohen Arazi <tomascohen@theke.io>
Mon, 7 Aug 2017 14:27:33 +0000 (11:27 -0300)
committer Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/letter.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/letter.tt

index 09a5e79..056f9b4 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/letter.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/letter.tt
@@ -198,7 +198,7 @@ $(document).ready(function() {
      </form>
  
                 [% IF ( search ) %]
-        <p>You searched for <b>[% searchfield %]</b></p>
+        <p>You searched for <b>[% searchfield | html %]</b></p>
                 [% END %]
                 [% IF ( letter && !independant_branch) %]
              [% select_for_copy = BLOCK %]
author	Tomas Cohen Arazi <tomascohen@theke.io>
	Mon, 7 Aug 2017 14:27:33 +0000 (11:27 -0300)
committer	Jonathan Druart <jonathan.druart@bugs.koha-community.org>
	Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)