Bug 27546: (follow-up) Escape new search string

author Nick Clemens <nick@bywatersolutions.com>

Tue, 26 Apr 2022 10:56:52 +0000 (10:56 +0000)

committer Tomas Cohen Arazi <tomascohen@theke.io>

Wed, 20 Jul 2022 12:23:26 +0000 (09:23 -0300)
author Nick Clemens <nick@bywatersolutions.com>
Tue, 26 Apr 2022 10:56:52 +0000 (10:56 +0000)
committer Tomas Cohen Arazi <tomascohen@theke.io>
Wed, 20 Jul 2022 12:23:26 +0000 (09:23 -0300)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt

index ff13b58..1740b82 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt
@@ -776,7 +776,7 @@
              e.preventDefault();
              var index = $("#refine_search #idx").val() || "";
              if( index){index += ":";}
-            window.location.href = "/cgi-bin/koha/catalogue/search.pl?[% query_cgi | $raw %]&[% limit_cgi | $raw %]&[% sort_cgi | $raw %]&limit="+index+$("#refiner").val();
+            window.location.href = "/cgi-bin/koha/catalogue/search.pl?[% query_cgi | $raw %]&[% limit_cgi | $raw %]&[% sort_cgi | $raw %]&limit="+index+escape_str( $("#refiner").val() );
          });
      </script>
      [% Asset.js("js/pages/results.js") | $raw %]
author	Nick Clemens <nick@bywatersolutions.com>
	Tue, 26 Apr 2022 10:56:52 +0000 (10:56 +0000)
committer	Tomas Cohen Arazi <tomascohen@theke.io>
	Wed, 20 Jul 2022 12:23:26 +0000 (09:23 -0300)