Bug 13618: Add html filters to all the variables
[koha.git] / koha-tmpl / intranet-tmpl / prog / en / modules / virtualshelves / tables / shelves_results.tt
index 2593a7a..a9c4da5 100644 (file)
@@ -1,22 +1,23 @@
+[% USE raw %]
 [% USE KohaDates %]
 [% USE To %]
 {
-    "sEcho": [% sEcho %],
-    "iTotalRecords": [% iTotalRecords %],
-    "iTotalDisplayRecords": [% iTotalDisplayRecords %],
+    "sEcho": [% sEcho | html %],
+    "iTotalRecords": [% iTotalRecords | html %],
+    "iTotalDisplayRecords": [% iTotalDisplayRecords | html %],
     "aaData": [
         [% FOREACH data IN aaData %]
             {
                 "dt_type":
-                    "[% data.type %]",
+                    "[% data.type | html %]",
                 "dt_shelfname":
-                    "<a href='/cgi-bin/koha/virtualshelves/shelves.pl?op=view&shelfnumber=[% data.shelfnumber %]'>[% data.shelfname | html%]</a>",
+                    "<a href='/cgi-bin/koha/virtualshelves/shelves.pl?op=view&shelfnumber=[% data.shelfnumber | html %]'>[% data.shelfname | html %]</a>",
                 "dt_count":
-                    "[% data.count %] item(s)",
+                    "[% data.count | html %] item(s)",
                 "dt_is_shared":
                     "[% IF data.type == 2 %]Public[% ELSIF data.is_shared %]Shared[% ELSE %]Private[% END %]",
                 "dt_owner":
-                    "<a href='/cgi-bin/koha/members/moremember.pl?borrowernumber=[% data.owner %]'>[% data.firstname %] [% data.surname %]</a>",
+                    "<a href='/cgi-bin/koha/members/moremember.pl?borrowernumber=[% data.owner | html %]'>[% data.firstname | html %] [% data.surname | html %]</a>",
                 "dt_sortby":
                     [% IF data.sortby == "author" %]"Author"[% ELSIF data.sortby == "copyrightdate" %]"Year"[% ELSIF data.sortby == "itemcallnumber" %]"Call number"[% ELSE %]"Title"[% END %],
                 "dt_created_on":
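Review bot: The `| html` filter is applied inside JSON string values here (`dt_type`, `dt_shelfname`, `dt_count`, `dt_owner`), and HTML entity encoding is not JSON string escaping. A backslash or control character in `data.shelfname`, `data.firstname` or `data.surname` passes through the filter unchanged and can produce invalid JSON, so these values need JSON escaping on top of the HTML escaping, presumably via the `To` plugin this template already loads. Separately, the `href` attributes are single-quoted, and the stock Template Toolkit `html` filter encodes `&`, `<`, `>` and `"` but not `'`. Switching to escaped double quotes, e.g. `<a href=\"...shelfnumber=[% data.shelfnumber | html %]\">`, keeps the filter effective even if those ids are ever non-numeric.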
 [%~ SET action_block = '' ~%]
 [%~ IF can_manage_shelf OR can_delete_shelf ~%]
     [%~ IF can_manage_shelf ~%]
-        [%~ action_block =                '<form action="shelves.pl" method="get">' ~%]
-        [%~ action_block = action_block _ '<input type="hidden" name="shelfnumber" value="' _ shelfnumber  _ '" />' ~%]
-        [%~ action_block = action_block _ '<input type="hidden" name="op" value="edit_form" />' ~%]
-        [%~ action_block = action_block _ '<input type="hidden" name="category" value="' _ type _ '" />' ~%]
-        [%~ action_block = action_block _ '<input type="hidden" name="referer" value="list" />' ~%]
+        [%~ action_block =                '<form action="shelves.pl" method="get">' | html ~%]
+        [%~ action_block = action_block _ '<input type="hidden" name="shelfnumber" value="' _ shelfnumber  _ '" />' | html ~%]
+        [%~ action_block = action_block _ '<input type="hidden" name="op" value="edit_form" />' | html ~%]
+        [%~ action_block = action_block _ '<input type="hidden" name="category" value="' _ type _ '" />' | html ~%]
+        [%~ action_block = action_block _ '<input type="hidden" name="referer" value="list" />' | html ~%]
         [%~ action_block = action_block _ '<button class="editshelf btn btn-default btn-xs"><i class="fa fa-pencil"></i> Edit</button>' ~%]
-        [%~ action_block = action_block _ '</form> ' ~%]
+        [%~ action_block = action_block _ '</form> ' | html ~%]
     [%~ END ~%]
     [%~ IF can_manage_shelf OR can_delete_shelf ~%]
-        [%~ action_block = action_block _ ' <form action="shelves.pl" method="post">' ~%]
-        [%~ action_block = action_block _ '<input type="hidden" name="shelfoff" value="' _ shelfoff _ '" />' ~%]
-        [%~ action_block = action_block _ '<input type="hidden" name="shelves" value="1" />' ~%]
-        [%~ action_block = action_block _ '<input type="hidden" name="op" value="delete" />' ~%]
-        [%~ action_block = action_block _ '<input type="hidden" name="shelfnumber" value="' _ shelfnumber  _ '" />' ~%]
-        [%~ action_block = action_block _ '<input type="hidden" name="category" value="' _ type _ '" />' ~%]
-        [%~ action_block = action_block _ '<input type="hidden" name="referer" value="list" />' ~%]
+        [%~ action_block = action_block _ ' <form action="shelves.pl" method="post">' | html ~%]
+        [%~ action_block = action_block _ '<input type="hidden" name="shelfoff" value="' _ shelfoff _ '" />' | html ~%]
+        [%~ action_block = action_block _ '<input type="hidden" name="shelves" value="1" />' | html ~%]
+        [%~ action_block = action_block _ '<input type="hidden" name="op" value="delete" />' | html ~%]
+        [%~ action_block = action_block _ '<input type="hidden" name="shelfnumber" value="' _ shelfnumber  _ '" />' | html ~%]
+        [%~ action_block = action_block _ '<input type="hidden" name="category" value="' _ type _ '" />' | html ~%]
+        [%~ action_block = action_block _ '<input type="hidden" name="referer" value="list" />' | html ~%]
         [%~ action_block = action_block _ '<button type="submit" class="deleteshelf btn btn-default btn-xs"><i class="fa fa-trash"></i> Delete</button>' ~%]
-        [%~ action_block = action_block _ '</form>' ~%]
+        [%~ action_block = action_block _ '</form>' | html ~%]
     [%~ END ~%]
 [%~ ELSE ~%]
     [%~ SET action_block = 'None' ~%]
 [%~ END ~%]
-[%~ To.json(action_block) ~%]
+[%~ To.json(action_block) | $raw ~%]
 [%~ END ~%]
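Review bot: In the `action_block` assignments the `| html` is attached to the whole assignment, not to the interpolated `shelfnumber`, `type` and `shelfoff`, so it cannot escape just those values. Depending on how Template Toolkit binds a filter on an assignment, it either does nothing or entity-encodes the accumulated markup, `<form>` and `<input>` literals included, again on every line. Lines made only of literals gain nothing from it either way. Escape each variable where it is concatenated instead, for example with the HTML plugin: `[% USE HTML %]` and `... value="' _ HTML.escape(shelfnumber) _ '" />' ~%]`, and drop the trailing `| html` from these lines. The enclosing block opens outside the visible lines and this hunk's `@@` header is missing from the page, so confirm where `shelfnumber`, `type` and `shelfoff` are set.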