Bug 23451: Prevent XSS vulnerabilities in opac-imageviewer.pl

And certainly in other sripts as it is in opac-bottom.inc

Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-bottom.inc b/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-bottom.inc
index 1705cee..af060ff 100644 (file)
--- a/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-bottom.inc
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-bottom.inc
@@ -196,7 +196,7 @@ $.widget.bridge('uitooltip', $.ui.tooltip);
         return false;
     });
     $("#ulactioncontainer > ul > li > a.addtoshelf").on("click",function(){
-        Dopop('opac-addbybiblionumber.pl?biblionumber=[% biblionumber | html %]');
+        Dopop('opac-addbybiblionumber.pl?biblionumber=[% biblionumber | uri %]');
         return false;
     });
     $("body").on("click", ".addtocart", function(e){