Bug 13609: Cross Site Scripting problem in authority search result list paging

author Katrin Fischer <katrin.fischer@bsz-bw.de>

Thu, 22 Jan 2015 13:41:09 +0000 (14:41 +0100)

committer Tomas Cohen Arazi <tomascohen@gmail.com>

Thu, 22 Jan 2015 19:39:14 +0000 (16:39 -0300)
author Katrin Fischer <katrin.fischer@bsz-bw.de>
Thu, 22 Jan 2015 13:41:09 +0000 (14:41 +0100)
committer Tomas Cohen Arazi <tomascohen@gmail.com>
Thu, 22 Jan 2015 19:39:14 +0000 (16:39 -0300)
diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-authoritiessearchresultlist.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-authoritiessearchresultlist.tt

index eaef8b6..00d657e 100644 (file)
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-authoritiessearchresultlist.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-authoritiessearchresultlist.tt
@@ -6,7 +6,7 @@
          <ul>
              [% IF ( displayprev ) %]
                  <li>
-                    <a href="opac-authorities-home.pl?startfrom=[% startfromprev %]&amp;[% FOREACH searchdat IN searchdata %][% searchdat.term %]=[% searchdat.val |url %]&amp;[% END %]resultsperpage=[% resultsperpage %]&amp;type=opac&amp;op=do_search&amp;authtypecode=[% authtypecode %]&amp;orderby=[% orderby %]">
+                    <a href="opac-authorities-home.pl?startfrom=[% startfromprev %]&amp;[% FOREACH searchdat IN searchdata %][% searchdat.term %]=[% searchdat.val |url %]&amp;[% END %]resultsperpage=[% resultsperpage %]&amp;type=opac&amp;op=do_search&amp;authtypecode=[% authtypecode %]&amp;orderby=[% orderby|html %]">
                          &laquo;
                      </a>
                  </li>
@@ -15,12 +15,12 @@
                  [% IF ( number.highlight ) %]
                      <li class="active"><a href="#">[% number.number %]</a></li>
                  [% ELSE %]
-                    <li><a href="opac-authorities-home.pl?startfrom=[% number.startfrom %]&amp;[% FOREACH searchdat IN number.searchdata %][% searchdat.term %]=[% searchdat.val |url %]&amp;[% END %]resultsperpage=[% resultsperpage %]&amp;type=opac&amp;op=do_search&amp;authtypecode=[% authtypecode %]&amp;orderby=[% orderby %]">[% number.number %]</a></li>
+                    <li><a href="opac-authorities-home.pl?startfrom=[% number.startfrom %]&amp;[% FOREACH searchdat IN number.searchdata %][% searchdat.term %]=[% searchdat.val |url %]&amp;[% END %]resultsperpage=[% resultsperpage %]&amp;type=opac&amp;op=do_search&amp;authtypecode=[% authtypecode %]&amp;orderby=[% orderby|html %]">[% number.number %]</a></li>
                  [% END %]
              [% END %]
              [% IF ( displaynext ) %]
                  <li>
-                    <a href="opac-authorities-home.pl?startfrom=[% startfromnext %]&amp;[% FOREACH searchdat IN searchdata %][% searchdat.term %]=[% searchdat.val |url %]&amp;[% END %]&amp;resultsperpage=[% resultsperpage %]&amp;type=opac&amp;op=do_search&amp;authtypecode=[% authtypecode %]&amp;orderby=[% orderby %]">&raquo;</a>
+                    <a href="opac-authorities-home.pl?startfrom=[% startfromnext %]&amp;[% FOREACH searchdat IN searchdata %][% searchdat.term %]=[% searchdat.val |url %]&amp;[% END %]&amp;resultsperpage=[% resultsperpage %]&amp;type=opac&amp;op=do_search&amp;authtypecode=[% authtypecode %]&amp;orderby=[% orderby|html %]">&raquo;</a>
                  </li>
              [% END %]
          </ul>
author	Katrin Fischer <katrin.fischer@bsz-bw.de>
	Thu, 22 Jan 2015 13:41:09 +0000 (14:41 +0100)
committer	Tomas Cohen Arazi <tomascohen@gmail.com>
	Thu, 22 Jan 2015 19:39:14 +0000 (16:39 -0300)