Incremental fix for Bug 2847, Use HTML escape in templates where appropriate

[koha.git] / koha-tmpl / intranet-tmpl / prog / en / modules / acqui / basket.tt

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt
index 90ddacb..c0b62f2 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt
@@ -1,5 +1,5 @@
 [% INCLUDE 'doc-head-open.inc' %]
-<title>Koha &rsaquo; Acquisitions &rsaquo; [% UNLESS ( basketno ) %]New [% END %][% IF ( delete_confirm ) %]Delete [% END %]Basket [% basketname %] ([% basketno %]) for [% name %]</title>
+<title>Koha &rsaquo; Acquisitions &rsaquo; [% UNLESS ( basketno ) %]New [% END %][% IF ( delete_confirm ) %]Delete [% END %]Basket [% basketname|html %] ([% basketno %]) for [% name|html %]</title>
 [% INCLUDE 'doc-head-close.inc' %]
 [% UNLESS ( closedate ) %]
 <script type="text/javascript" src="[% themelang %]/lib/jquery/plugins/jquery.tablesorter.min.js"></script>
@@ -13,20 +13,13 @@
             }
         });
     });
-//]]>
-</script>
-<script type="text/javascript">
-//<![CDATA[
             function confirm_close() {
                 var is_confirmed = confirm(_('Are you sure you want to close this basket?'));
                 if (is_confirmed) {
                     window.location = "[% script_name %]?op=close&basketno=[% basketno %]";
                 }
             }
-//]]>
-        </script>
-<script type="text/javascript">
-//<![CDATA[
+
             function confirm_deletion() {
                 var is_confirmed = confirm(_('Are you sure you want to delete this basket?'));
                 if (is_confirmed) {
@@ -72,7 +65,7 @@
 [% INCLUDE 'acquisitions-search.inc' %]
 
 
-<div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; <a href="/cgi-bin/koha/acqui/acqui-home.pl">Acquisitions</a> &rsaquo; <a href="/cgi-bin/koha/acqui/supplier.pl?supplierid=[% booksellerid %]">[% name %]</a> &rsaquo; [% UNLESS ( basketno ) %]New [% END %][% IF ( delete_confirm ) %]Delete [% END %]Basket [% basketname %] ([% basketno %]) for [% name %]</div>
+<div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; <a href="/cgi-bin/koha/acqui/acqui-home.pl">Acquisitions</a> &rsaquo; <a href="/cgi-bin/koha/acqui/supplier.pl?supplierid=[% booksellerid %]">[% name|html %]</a> &rsaquo; [% UNLESS ( basketno ) %]New [% END %][% IF ( delete_confirm ) %]Delete [% END %]Basket [% basketname|html %] ([% basketno %]) for [% name|html %]</div>
 
 <div id="doc3" class="yui-t2">
 
@@ -148,7 +141,7 @@
             <h3>Basket deleted</h3>
             <META HTTP-EQUIV=Refresh CONTENT="0; url=booksellers.pl">
         [% ELSE %]
-        <h1>[% UNLESS ( basketno ) %]New [% END %][% IF ( delete_confirm ) %]Delete [% END %]Basket [% basketname %] ([% basketno %]) for <a href="supplier.pl?supplierid=[% booksellerid %]">[% name %]</a></h1>
+        <h1>[% UNLESS ( basketno ) %]New [% END %][% IF ( delete_confirm ) %]Delete [% END %]Basket [% basketname|html %] ([% basketno %]) for <a href="supplier.pl?supplierid=[% booksellerid %]">[% name|html %]</a></h1>
         [% IF ( delete_confirm ) %]
             <h2>
             <span class="yui-button yui-link-button">
@@ -333,7 +326,7 @@
         <div id="closebasket_needsconfirmation" class="dialog alert">
 
         <form action="/cgi-bin/koha/acqui/basket.pl" class="confirm">
-            <h1>Are you sure you want to close basket [% basketname %]?</h1>
+            <h1>Are you sure you want to close basket [% basketname|html %]?</h1>
             <p>
             <label for="createbasketgroup">Attach this basket to a new basket group with the same name</label>
             <input type="checkbox" id="createbasketgroup" name="createbasketgroup"/>