Bug 16481 - Report menu has unexpected issues

This patch corrects a problem with the reports toolbar include file
which can cause a problem with the "duplicate" button. The duplicate
button passes the entire report SQL as a URL parameter, but the template
variable was not escaped as a URL variable.

This patch also adds the "uri" filter to the report name and notes
fields just to be safe.

To reproduce the bug, create a new SQL report using the SQL in the bug
report. When you run the report you should see a broken "Duplicate"
button.

Apply the patch and run the report again. The duplicate button should
look correct and work correctly.

Signed-off-by: Aleisha <aleishaamohia@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/reports-toolbar.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/reports-toolbar.inc
index fef1166..198a364 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/reports-toolbar.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/reports-toolbar.inc
@@ -19,7 +19,7 @@
                 </div>
             [% END %]
             <div class="btn-group">
-                <a class="btn btn-small" title="Duplicate this saved report" href="/cgi-bin/koha/reports/guided_reports.pl?phase=Create report from SQL&amp;sql=[% sql %]&amp;reportname=[% reportname %]&amp;notes=[% notes %]">
+                <a class="btn btn-small" title="Duplicate this saved report" href="/cgi-bin/koha/reports/guided_reports.pl?phase=Create report from SQL&amp;sql=[% sql |uri %]&amp;reportname=[% reportname |uri %]&amp;notes=[% notes |uri %]">
                     <i class="fa fa-copy"></i> Duplicate
                 </a>
             </div>