[open-ils-commits] [GIT] Evergreen ILS branch rel_2_6 updated. 3bb820144c9498a516e03eae2e2b4976b0e169c7

Evergreen Git git at git.evergreen-ils.org
Wed Jun 17 16:23:38 EDT 2015 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Evergreen ILS".

The branch, rel_2_6 has been updated
       via  3bb820144c9498a516e03eae2e2b4976b0e169c7 (commit)
      from  5bce280d656f18906d0543eeb1db81f49f3ea7ad (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3bb820144c9498a516e03eae2e2b4976b0e169c7
Author: Bill Erickson <berickxx at gmail.com>
Date:   Wed Jun 17 13:27:05 2015 -0400

    LP#1446816 HTML-escape notes in XUL patron alert page
    
    Avoid rendering HTML contained in patron messages, etc. in the XUL
    patron stop-sign page.
    
    Thanks to Jason Etheridge, ESI for noting this problem and contributing
    the original patch fix.
    
    Signed-off-by: Bill Erickson <berickxx at gmail.com>
    Signed-off-by: Ben Shum <bshum at biblio.org>

diff --git a/Open-ILS/xul/staff_client/server/patron/display.js b/Open-ILS/xul/staff_client/server/patron/display.js
index 87b50e2..ba8a5b4 100644
--- a/Open-ILS/xul/staff_client/server/patron/display.js
+++ b/Open-ILS/xul/staff_client/server/patron/display.js
@@ -960,7 +960,7 @@ patron.display.prototype = {
                 obj._already_defaulted_once = true;
                 var msg = ''; obj.stop_checkouts = false;
                 if (patron.alert_message())
-                    msg += $("patronStrings").getFormattedString('staff.patron.display.init.network_request.alert_message', [patron.alert_message()]) + '<br/><br/>';
+                    msg += $("patronStrings").getFormattedString('staff.patron.display.init.network_request.alert_message', [(patron.alert_message()).replace(/</g,'<').replace(/>/g,'>')]) + '<br/><br/>';
                 //alert('obj.barcode = ' + obj.barcode);
                 if (obj.barcode) {
                     if (patron.cards()) for (var i = 0; i < patron.cards().length; i++) {
@@ -1020,9 +1020,9 @@ patron.display.prototype = {
                             dl_flag_opened = true;
                         }
                         msg += '<dt>';
-                        msg += obj.OpenILS.data.hash.aou[ penalties[i].org_unit() ].shortname() + ' : ' + penalties[i].standing_penalty().label() + '<br/>';
+                        msg += (obj.OpenILS.data.hash.aou[ penalties[i].org_unit() ].shortname() + ' : ' + penalties[i].standing_penalty().label()).replace(/</g,'<').replace(/>/g,'>') + '<br/>';
                         msg += '</dt><dd>';
-                        msg += (penalties[i].note())?penalties[i].note():'';
+                        msg += ((penalties[i].note())?penalties[i].note():'').replace(/</g,'<').replace(/>/g,'>');
                         msg += '</dd>';
                     }
                 }

-----------------------------------------------------------------------

Summary of changes:
 Open-ILS/xul/staff_client/server/patron/display.js |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
Evergreen ILS

More information about the open-ils-commits mailing list