projects / koha.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
bug 3652 fixing XSS vulnerabilities in opac-search
[koha.git] / koha-tmpl / opac-tmpl / prog / en / modules / opac-results-grouped.tt
diff --git a/koha-tmpl/opac-tmpl/prog/en/modules/opac-results-grouped.tt b/koha-tmpl/opac-tmpl/prog/en/modules/opac-results-grouped.tt
index 99c31bd..222d841 100644 (file)
--- a/koha-tmpl/opac-tmpl/prog/en/modules/opac-results-grouped.tt
+++ b/koha-tmpl/opac-tmpl/prog/en/modules/opac-results-grouped.tt
@@ -15,6 +15,12 @@ href="/cgi-bin/koha/opac-rss.pl?[% query_cgi %][% limit_cgi |html %]" />
 var q_array = new Array();  // will hold the search terms, if possible
 
 $(document).ready(function(){
+    [% IF ( OpacHighlightedWords ) %]
+        $('a.title').each(function() {
+            $(this).attr('href', $(this).attr('href') + '&query_desc=[% query_desc | url %]');
+        });
+    [% END %]
+
        $('#sortsubmit').hide();
     $('#sort_by').change(function() {
         $('#bookbag_form').submit();
@@ -56,8 +62,13 @@ $(document).ready(function(){
         return false;
     });
     [% IF ( query_desc ) %]
-    var query_desc = "[% query_desc |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') %]";
+    var query_desc = "[% query_desc |replace("'", "\'") |replace('\n', '\\n') |replace('\r', '\\r') |html %]";
     q_array = query_desc.split(" ");
+    // ensure that we don't have "" at the end of the array, which can
+    // break the highlighter
+    while (q_array.length > 0 && q_array[q_array.length-1] == "") {
+        q_array = q_array.splice(0,-1);
+    }
     highlightOn();
     $("#highlight_toggle_on" ).hide().click(function() {highlightOn() ;});
     $("#highlight_toggle_off").show().click(function() {highlightOff();});
@@ -198,7 +209,7 @@ function highlightOn() {
             [% ELSE %]
                 <tr>
             [% END %]
-                    <td>[% IF ( OPACAmazonEnabled ) %]
+                    <td>[% IF ( OPACAmazonCoverImages ) %]
                         <a class="p1" href="/cgi-bin/koha/opac-detail.pl?biblionumber=[% GROUP_RESULT.biblionumber |url %]">[% IF ( GROUP_RESULT.isbn ) %]<img src="http://images.amazon.com/images/P/[% GROUP_RESULT.isbn %].01.TZZZZZZZ.jpg" alt="" class="thumbnail" />[% ELSE %]<img src="http://g-images.amazon.com/images/G/01/x-site/icons/no-img-sm.gif" alt="" class="thumbnail" />[% END %]
                         </a>
                         [% ELSE %]
Koha ILS @ FFZG - based on git://git.koha.org/pub/scm/koha.git