Bug 19103: (follow-up) Fix Stored XSS in itemtypes.pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/itemtypes.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/itemtypes.tt
index 66b345f..5acd167 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/itemtypes.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/itemtypes.tt
@@ -387,7 +387,7 @@ Item types administration
               [% itemtype.rentalcharge | $Price %]
             [% END %]
             </td>
-            <td>[% itemtype.checkinmsg | html_line_break |html %]</td>
+            <td>[% itemtype.checkinmsg | html | html_line_break %]</td>
             <td class="actions">
               <a href="/cgi-bin/koha/admin/itemtypes.pl?op=add_form&amp;itemtype=[% itemtype.itemtype |html %]" class="btn btn-default btn-xs"><i class="fa fa-pencil"></i> Edit</a>
               <a href="/cgi-bin/koha/admin/itemtypes.pl?op=delete_confirm&amp;itemtype=[% itemtype.itemtype |html %]" class="btn btn-default btn-xs"><i class="fa fa-trash"></i> Delete</a>