Bug 18726: Fix XSS at the OPAC - biblionumber

author Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Wed, 9 Aug 2017 17:08:24 +0000 (14:08 -0300)

committer Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)
author Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Wed, 9 Aug 2017 17:08:24 +0000 (14:08 -0300)
committer Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)
diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-bottom.inc b/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-bottom.inc

index 80626e0..8346691 100644 (file)
--- a/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-bottom.inc
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-bottom.inc
@@ -154,15 +154,15 @@ $.widget.bridge('uitooltip', $.ui.tooltip);
          return false;
      });
      $("#ulactioncontainer > ul > li > a.addtoshelf").on("click",function(){
-        Dopop('opac-addbybiblionumber.pl?biblionumber=[% biblionumber %]');
+        Dopop('opac-addbybiblionumber.pl?biblionumber=[% biblionumber | html %]');
          return false;
      });
      $(".addrecord").on("click",function(){
-        addRecord('[% biblionumber %]');
+        addRecord('[% biblionumber | html %]');
          return false;
      });
      $(".cartRemove").on("click",function(){
-        delSingleRecord('[% biblionumber %]');
+        delSingleRecord('[% biblionumber | html %]');
          return false;
      });
      $(".clearsh").on("click", function(){
diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-detail-sidebar.inc b/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-detail-sidebar.inc

index 17fd0e8..5e96b0f 100644 (file)
--- a/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-detail-sidebar.inc
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-detail-sidebar.inc
@@ -4,7 +4,7 @@
          [% IF Koha.Preference( 'opacuserlogin' ) == 1 %]
              [% IF Koha.Preference( 'RequestOnOpac' ) == 1 %]
                  [% IF ( AllowOnShelfHolds OR ItemsIssued ) %]
-                    <li><a class="reserve" href="/cgi-bin/koha/opac-reserve.pl?biblionumber=[% biblionumber %]">Place hold</a></li>
+                    <li><a class="reserve" href="/cgi-bin/koha/opac-reserve.pl?biblionumber=[% biblionumber | html %]">Place hold</a></li>
                  [% END %]
              [% END %]
          [% END %]
@@ -14,21 +14,21 @@
  
      [% IF Koha.Preference( 'opacuserlogin' ) == 1 %]
          [% IF Koha.Preference('ArticleRequests') %]
-            <li><a class="article_request" href="/cgi-bin/koha/opac-request-article.pl?biblionumber=[% biblionumber %]">Request article</a></li>
+            <li><a class="article_request" href="/cgi-bin/koha/opac-request-article.pl?biblionumber=[% biblionumber | html %]">Request article</a></li>
          [% END %]
      [% END %]
  
      [% IF Koha.Preference( 'virtualshelves' ) == 1 %]
          [% IF ( ( Koha.Preference( 'opacuserlogin' ) == 1 ) && loggedinusername ) %]
-            <li><a class="addtoshelf" href="/cgi-bin/koha/opac-addbybiblionumber.pl?biblionumber=[% biblionumber %]">Save to your lists</a></li>
+            <li><a class="addtoshelf" href="/cgi-bin/koha/opac-addbybiblionumber.pl?biblionumber=[% biblionumber | html %]">Save to your lists</a></li>
          [% END %]
      [% END %]
  
      [% IF Koha.Preference( 'opacbookbag' ) == 1 %]
          [% IF ( incart ) %]
-            <li><a class="incart cart[% biblionumber %] addrecord" href="#">In your cart</a> <a class="cartRemove cartR[% biblionumber %]" href="#">(remove)</a></li>
+            <li><a class="incart cart[% biblionumber | html %] addrecord" href="#">In your cart</a> <a class="cartRemove cartR[% biblionumber | html %]" href="#">(remove)</a></li>
          [% ELSE %]
-            <li><a class="addtocart cart[% biblionumber %] addrecord" href="#">Add to your cart</a>  <a style="display:none;" class="cartRemove cartR[% biblionumber %]" href="#">(remove)</a></li>
+            <li><a class="addtocart cart[% biblionumber | html %] addrecord" href="#">Add to your cart</a>  <a style="display:none;" class="cartRemove cartR[% biblionumber | html %]" href="#">(remove)</a></li>
          [% END %]
      [% END %]
  
@@ -51,7 +51,7 @@
                                      <li><a role="menuitem" href="#" data-toggle="modal" data-target="#exportModal_">Dublin Core</a></li>
                                  [% ELSE %]
                                  <li>
-                                    <a role="menuitem" href="/cgi-bin/koha/opac-export.pl?op=export&amp;bib=[% biblionumber %]&amp;format=[% option %]">
+                                    <a role="menuitem" href="/cgi-bin/koha/opac-export.pl?op=export&amp;bib=[% biblionumber | html %]&amp;format=[% option %]">
                                          [% SWITCH option %]
                                              [% CASE 'bibtex' %]BIBTEX
                                              [% CASE 'endnote' %]EndNote
@@ -107,7 +107,7 @@
                  <label class="label_dc" for="input-srw">SRW-DC</label>
                  <br>
          <input type="hidden" name="op" value="export">
-        <input type="hidden" name="bib" value="[% biblionumber %]">
+        <input type="hidden" name="bib" value="[% biblionumber | html %]">
          </fieldset>
      </div>
      <div class="modal-footer">
diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-ISBDdetail.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-ISBDdetail.tt

index 108b9bf..42d5f79 100644 (file)
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-ISBDdetail.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-ISBDdetail.tt
@@ -19,7 +19,7 @@
                      <div id="usermarcdetail">
                          <div id="catalogue_detail_biblio">
                              <div id="views">
-                                <span class="view"><a id="Normalview" href="/cgi-bin/koha/opac-detail.pl?biblionumber=[% biblionumber %]">Normal view</a></span> <span class="view"><a id="MARCview" href="/cgi-bin/koha/opac-MARCdetail.pl?biblionumber=[% biblionumber %]">MARC view</a></span> <span class="view current-view"><span id="ISBDview">ISBD view</span></span></div>
+                                <span class="view"><a id="Normalview" href="/cgi-bin/koha/opac-detail.pl?biblionumber=[% biblionumber | html %]">Normal view</a></span> <span class="view"><a id="MARCview" href="/cgi-bin/koha/opac-MARCdetail.pl?biblionumber=[% biblionumber | html %]">MARC view</a></span> <span class="view current-view"><span id="ISBDview">ISBD view</span></span></div>
  
                                  <div id="isbdcontents">[% ISBD %]</div>
  
diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-MARCdetail.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-MARCdetail.tt

index 1f0680e..db570b3 100644 (file)
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-MARCdetail.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-MARCdetail.tt
@@ -1,6 +1,6 @@
  [% USE Koha %]
  [% INCLUDE 'doc-head-open.inc' %]
-<title>[% IF ( LibraryNameTitle ) %][% LibraryNameTitle %][% ELSE %]Koha online[% END %] catalog &rsaquo;  MARC details for record no. [% biblionumber %]</title>
+<title>[% IF ( LibraryNameTitle ) %][% LibraryNameTitle %][% ELSE %]Koha online[% END %] catalog &rsaquo;  MARC details for record no. [% biblionumber | html %]</title>
  [% INCLUDE 'doc-head-close.inc' %]
  [% BLOCK cssinclude %][% END %]
  </head>
@@ -20,14 +20,14 @@
                          <div id="catalogue_detail_biblio">
  
                              <div id="views">
-                                <span class="view"><a id="Normalview" href="/cgi-bin/koha/opac-detail.pl?biblionumber=[% biblionumber %]">Normal view</a></span>
+                                <span class="view"><a id="Normalview" href="/cgi-bin/koha/opac-detail.pl?biblionumber=[% biblionumber | html %]">Normal view</a></span>
                                  <span class="view current-view"><span id="MARCview">MARC view</span></span>
-                                [% IF ( ISBD ) %]<span class="view"><a id="ISBDview"  href="/cgi-bin/koha/opac-ISBDdetail.pl?biblionumber=[% biblionumber %]">ISBD view</a></span>[% END %]
+                                [% IF ( ISBD ) %]<span class="view"><a id="ISBDview"  href="/cgi-bin/koha/opac-ISBDdetail.pl?biblionumber=[% biblionumber | html %]">ISBD view</a></span>[% END %]
                              </div>
-                            <h1 class="title">[% bibliotitle %] (Record no. [% biblionumber %])</h1>
+                            <h1 class="title">[% bibliotitle %] (Record no. [% biblionumber | html %])</h1>
  
                              [% IF ( OPACXSLTDetailsDisplay ) %]
-                                <div id="switchview_div">[ <a id="switchview" href="/cgi-bin/koha/opac-showmarc.pl?id=[% biblionumber %]&amp;viewas=html">view plain</a> ]</div>
+                                <div id="switchview_div">[ <a id="switchview" href="/cgi-bin/koha/opac-showmarc.pl?id=[% biblionumber | html %]&amp;viewas=html">view plain</a> ]</div>
                                  <div id="plainmarc"></div>
                              [% END %]
  
@@ -190,7 +190,7 @@ $(document).ready(function(){
              $(this).text(_("view labeled"));
              $("#labeledmarc").hide();
              if(!loaded){
-                $("#plainmarc").show().html("<div style=\"margin:1em;padding:1em;border:1px solid #EEE;font-size:150%;\"><img src=\"[% interface %]/[% theme %]/images/loading.gif\" /> "+_("Loading")+"...</div>").load("/cgi-bin/koha/opac-showmarc.pl","id=[% biblionumber %]&viewas=html");
+                $("#plainmarc").show().html("<div style=\"margin:1em;padding:1em;border:1px solid #EEE;font-size:150%;\"><img src=\"[% interface %]/[% theme %]/images/loading.gif\" /> "+_("Loading")+"...</div>").load("/cgi-bin/koha/opac-showmarc.pl","id=[% biblionumber | html %]&viewas=html");
                  loaded = 1;
              } else {
                  $("#plainmarc").show();
diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-alert-subscribe.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-alert-subscribe.tt

index b87072f..83408b7 100644 (file)
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-alert-subscribe.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-alert-subscribe.tt
@@ -10,7 +10,7 @@
      <div class="main">
          <ul class="breadcrumb">
              <li><a href="/cgi-bin/koha/opac-main.pl">Home</a> <span class="divider">&rsaquo;</span></li>
-            <li><a href="/cgi-bin/koha/opac-detail.pl?biblionumber=[% biblionumber %]">Details for [% bibliotitle %]</a> <span class="divider">&rsaquo;</span></li>
+            <li><a href="/cgi-bin/koha/opac-detail.pl?biblionumber=[% biblionumber | html %]">Details for [% bibliotitle %]</a> <span class="divider">&rsaquo;</span></li>
              <li><a href="#">[% IF ( typeissue ) %]Subscribe to a subscription alert [% ELSIF ( typeissuecancel ) %] Unsubscribe from a subscription alert [% END %]</a></li>
          </ul>
  
@@ -27,10 +27,10 @@
                                  <input type="hidden" name="externalid" value="[% externalid %]">
                                  <input type="hidden" name="alerttype" value="[% alerttype %]">
                                  <input type="hidden" name="referer" value="[% referer %]">
-                                <input type="hidden" name="biblionumber" value="[% biblionumber %]">
+                                <input type="hidden" name="biblionumber" value="[% biblionumber | html %]">
                                  <input type="hidden" name="op" value="alert_confirmed">
                                  <input type="submit" class="btn" value="Yes">
-                                <a class="cancel" href="opac-serial-issues.pl?biblionumber=[% biblionumber %]" >No</a>
+                                <a class="cancel" href="opac-serial-issues.pl?biblionumber=[% biblionumber | html %]" >No</a>
                              </form>
                          [% END %]
                          [% IF ( typeissuecancel ) %]
@@ -42,10 +42,10 @@
                                  <input type="hidden" name="externalid" value="[% externalid %]">
                                  <input type="hidden" name="alerttype" value="[% alerttype %]">
                                  <input type="hidden" name="referer" value="[% referer %]">
-                                <input type="hidden" name="biblionumber" value="[% biblionumber %]">
+                                <input type="hidden" name="biblionumber" value="[% biblionumber | html %]">
                                  <input type="hidden" name="op" value="cancel_confirmed">
                                  <input type="submit" value="Yes" class="btn">
-                                <a href="opac-serial-issues.pl?biblionumber=[% biblionumber %]" class="cancel">No</a>
+                                <a href="opac-serial-issues.pl?biblionumber=[% biblionumber | html %]" class="cancel">No</a>
                              </form>
                          [% END %]
                      </div> <!-- / #useralertsubscribe -->
diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-detail.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-detail.tt

index d95dc8c..1f973f0 100644 (file)
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-detail.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-detail.tt
@@ -56,7 +56,7 @@
  
                      <div id="bookcover">
                      [% IF ( OPACLocalCoverImages ) %]
-                        <div title="[% biblionumber |url %]" class="[% biblionumber %]" id="local-thumbnail-preview"></div>
+                        <div title="[% biblionumber |url %]" class="[% biblionumber | html %]" id="local-thumbnail-preview"></div>
                      [% END %]
                      [% IF ( OPACAmazonCoverImages ) %]
                          [% IF ( OPACURLOpenInNewWindow ) %]
@@ -104,15 +104,15 @@
                      [% END %]
                      </div><!-- / #bookcover -->
  
-                    <abbr class="unapi-id" title="koha:biblionumber:[% biblionumber %]"><!-- unAPI --></abbr>
+                    <abbr class="unapi-id" title="koha:biblionumber:[% biblionumber | html %]"><!-- unAPI --></abbr>
                      [% IF ( ocoins ) # COinS / Openurl %]
                          <span class="Z3988" title="[% ocoins %]"></span>
                      [% END %]
  
                      <div id="views">
                          <span class="view current-view"><span id="Normalview">Normal view</span></span>
-                        <span class="view"><a id="MARCview" href="/cgi-bin/koha/opac-MARCdetail.pl?biblionumber=[% biblionumber %]">MARC view</a></span>
-                        [% IF ( ISBD ) %]<span class="view"><a id="ISBDview" href="/cgi-bin/koha/opac-ISBDdetail.pl?biblionumber=[% biblionumber %]">ISBD view</a></span>[% END %]
+                        <span class="view"><a id="MARCview" href="/cgi-bin/koha/opac-MARCdetail.pl?biblionumber=[% biblionumber | html %]">MARC view</a></span>
+                        [% IF ( ISBD ) %]<span class="view"><a id="ISBDview" href="/cgi-bin/koha/opac-ISBDdetail.pl?biblionumber=[% biblionumber | html %]">ISBD view</a></span>[% END %]
                      </div>
                      [% IF ( OPACXSLTDetailsDisplay ) %]
                          [% XSLTBloc %]
@@ -408,16 +408,16 @@
                              [% END %]
                              [% IF ( TagsInputEnabled ) %]
                                  [% IF ( loggedinusername ) %]
-                                    <form id="tagform[% biblionumber %]" method="post" action="/cgi-bin/koha/opac-tags.pl" style="display:none;">
-                                        <label for="newtag[% biblionumber %]">New tag(s), separated by a comma:</label>
-                                        <input name="newtag[% biblionumber %]" id="newtag[% biblionumber %]" maxlength="100" type="text"/>
-                                        <input name="tagbutton" class="btn btn-small tagbutton" title="[% biblionumber %]" type="submit" value="Add" />
-                                        <a class="cancel_tag_add" id="cancel[% biblionumber %]" href="#">(done)</a>
+                                    <form id="tagform[% biblionumber | html %]" method="post" action="/cgi-bin/koha/opac-tags.pl" style="display:none;">
+                                        <label for="newtag[% biblionumber | html %]">New tag(s), separated by a comma:</label>
+                                        <input name="newtag[% biblionumber | html %]" id="newtag[% biblionumber | html %]" maxlength="100" type="text"/>
+                                        <input name="tagbutton" class="btn btn-small tagbutton" title="[% biblionumber | html %]" type="submit" value="Add" />
+                                        <a class="cancel_tag_add" id="cancel[% biblionumber | html %]" href="#">(done)</a>
                                      </form>
-                                    <span id="newtag[% biblionumber %]_status" class="tagstatus" style="display:none;">
+                                    <span id="newtag[% biblionumber | html %]_status" class="tagstatus" style="display:none;">
                                          Tag status here.
                                      </span>
-                                    <a class="tag_add" id="tag_add[% biblionumber %]" href="#">Add tag(s)</a>
+                                    <a class="tag_add" id="tag_add[% biblionumber | html %]" href="#">Add tag(s)</a>
                                  [% ELSE %]
                                      <span id="login4tags">
                                          [% IF Koha.Preference('casAuthentication') %]
@@ -497,7 +497,7 @@
  
                                  <!-- define some hidden vars for ratings -->
  
-                                <input  type="hidden" name='biblionumber'  value="[% biblionumber %]" />
+                                <input  type="hidden" name='biblionumber'  value="[% biblionumber | html %]" />
                                  <input  type="hidden" name='rating_value' id='rating_value' value="[% my_rating.rating_value %]" />
  
                                  [% UNLESS ( rating_readonly ) %]&nbsp;  <input name="rate_button" type="submit" value="Rate me" />[% END %]&nbsp;
@@ -651,7 +651,7 @@
  
                      <div id="holdings">
                          [% IF too_many_items %]
-                            <p>This record has many physical items ([% items_count %]). <a href="/cgi-bin/koha/opac-detail.pl?biblionumber=[% biblionumber %]&amp;viewallitems=1">Click here to view them all.</a></p>
+                            <p>This record has many physical items ([% items_count %]). <a href="/cgi-bin/koha/opac-detail.pl?biblionumber=[% biblionumber | html %]&amp;viewallitems=1">Click here to view them all.</a></p>
                          [% ELSIF ( itemloop.size ) %]
                              [% INCLUDE items_table items=itemloop tab="holdings" %]
                              [% IF Koha.Preference('OPACAcquisitionDetails') and Koha.Preference('AcqCreateItem') != 'ordering' and acquisition_details.total_quantity > 0 %]
@@ -874,7 +874,7 @@
                                      </table>
                                  [% END # / IF subscription.latestserials %]
                              [% END # / FOREACH subscriptions %]
-                            <p class="subscription_moredetails"><a href="opac-serial-issues.pl?biblionumber=[% biblionumber %]">More details</a></p>
+                            <p class="subscription_moredetails"><a href="opac-serial-issues.pl?biblionumber=[% biblionumber | html %]">More details</a></p>
                          </div> <!-- / #subscriptions -->
                      [% END # IF subscriptionsnumber %]
  
@@ -958,7 +958,7 @@
  
                                  [% IF ( loggedinusername ) %]
                                      [% UNLESS ( loggedincommenter ) %]
-                                       <div id="addcomment"> <a href="#" onclick="Dopop('/cgi-bin/koha/opac-review.pl?biblionumber=[% biblionumber %]'); return false;">
+                                       <div id="addcomment"> <a href="#" onclick="Dopop('/cgi-bin/koha/opac-review.pl?biblionumber=[% biblionumber | html %]'); return false;">
                                              Post your comments on this item.
                                          </a></div>
                                      [% END %]
@@ -1030,7 +1030,7 @@
                                  <p>Click on an image to view it in the image viewer</p>
                                  [% FOREACH image IN localimages %]
                                      [% IF image %]
-                                        <a class="localimage" href="/cgi-bin/koha/opac-imageviewer.pl?biblionumber=[% biblionumber %]&amp;imagenumber=[% image %]"><img alt="" src="/cgi-bin/koha/opac-image.pl?thumbnail=1&amp;imagenumber=[% image %]" /></a>
+                                        <a class="localimage" href="/cgi-bin/koha/opac-imageviewer.pl?biblionumber=[% biblionumber | html %]&amp;imagenumber=[% image %]"><img alt="" src="/cgi-bin/koha/opac-image.pl?thumbnail=1&amp;imagenumber=[% image %]" /></a>
                                      [% END %]
                                  [% END %]
                              </div><!-- / #images -->
@@ -1647,7 +1647,7 @@
                $.post("/cgi-bin/koha/opac-ratings-ajax.pl", {
                  rating_old_value: $("#rating_value").attr("value"),
                  borrowernumber: "[% borrowernumber %]",
-                biblionumber: "[% biblionumber %]",
+                biblionumber: "[% biblionumber | html %]",
                  rating_value: value,
                  auth_error: value
                }, function (data) {
diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-full-serial-issues.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-full-serial-issues.tt

index d538e55..5e81d23 100644 (file)
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-full-serial-issues.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-full-serial-issues.tt
@@ -16,7 +16,7 @@
      <div class="main">
          <ul class="breadcrumb">
              <li><a href="/cgi-bin/koha/opac-main.pl">Home</a> <span class="divider">&rsaquo;</span></li>
-            <li><a href="/cgi-bin/koha/opac-detail.pl?biblionumber=[% biblionumber %]">Details for [% bibliotitle %]</a> <span class="divider">&rsaquo;</span></li>
+            <li><a href="/cgi-bin/koha/opac-detail.pl?biblionumber=[% biblionumber | html %]">Details for [% bibliotitle %]</a> <span class="divider">&rsaquo;</span></li>
              <li><a href="#">Full subscription history</a></li>
          </ul>
  
@@ -48,8 +48,8 @@
                          [% UNLESS ( popup ) %]
                              <h2>Full subscription history for [% bibliotitle %]</h2>
                              <div id="views">
-                                <span class="view"><a id="Normalview" href="/cgi-bin/koha/opac-detail.pl?biblionumber=[% biblionumber %]">Normal view</a></span>
-                                <span class="view"><a id="Briefhistory" href="/cgi-bin/koha/opac-serial-issues.pl?biblionumber=[% biblionumber %]&amp;selectview=small">Brief history</a></span>
+                                <span class="view"><a id="Normalview" href="/cgi-bin/koha/opac-detail.pl?biblionumber=[% biblionumber | html %]">Normal view</a></span>
+                                <span class="view"><a id="Briefhistory" href="/cgi-bin/koha/opac-serial-issues.pl?biblionumber=[% biblionumber | html %]&amp;selectview=small">Brief history</a></span>
                                  <span class="view"><span id="Fullhistory">Full history</span></span>
                              </div>
                          [% END %]
diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-serial-issues.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-serial-issues.tt

index b231032..bdd8587 100644 (file)
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-serial-issues.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-serial-issues.tt
@@ -10,7 +10,7 @@
      <div class="main">
          <ul class="breadcrumb">
              <li><a href="/cgi-bin/koha/opac-main.pl">Home</a> <span class="divider">&rsaquo;</span></li>
-            <li><a href="/cgi-bin/koha/opac-detail.pl?biblionumber=[% biblionumber %]">Details for [% bibliotitle %]</a> <span class="divider">&rsaquo;</span></li>
+            <li><a href="/cgi-bin/koha/opac-detail.pl?biblionumber=[% biblionumber | html %]">Details for [% bibliotitle %]</a> <span class="divider">&rsaquo;</span></li>
              <li><a href="#">Issues for a subscription</a></li>
          </ul>
author	Jonathan Druart <jonathan.druart@bugs.koha-community.org>
	Wed, 9 Aug 2017 17:08:24 +0000 (14:08 -0300)
committer	Jonathan Druart <jonathan.druart@bugs.koha-community.org>
	Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)
koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-bottom.inc		patch \| blob \| history
koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-detail-sidebar.inc		patch \| blob \| history
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-ISBDdetail.tt		patch \| blob \| history
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-MARCdetail.tt		patch \| blob \| history
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-alert-subscribe.tt		patch \| blob \| history
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-detail.tt		patch \| blob \| history
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-full-serial-issues.tt		patch \| blob \| history
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-serial-issues.tt		patch \| blob \| history