From a0ccc0d246d61e0a7e8b6936ef4eba9a77f599d8 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Wed, 22 Apr 2015 09:39:55 -0400 Subject: [PATCH] Bug 14044: Escape json strings for patron searches MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit In a couple of patron searches, the address is displayed. If the address contain invalid json characters, DataTables won't manage to parse the results and display them. This patch makes the templates more readable by creating a BLOCK instead of a long line and escape the invalid json characters calling the TT plugin (To.json). Test plan: Edit a patron and add something like: patron
\123 ☎ ⚑ in the address field. Search for this patron using the main patron search (members/member.pl) and the guarantor search. Confirm that a result with this patron is correctly displayed. Regression test: Since Koha::Template::Plugin::To::json is modified, confirm that the add users to basket search (on acqui/basket.pl?basketno=X click on the "Add user" button) still works as expected. Signed-off-by: Christopher Brannon Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi --- Koha/Template/Plugin/To.pm | 4 +++- .../modules/members/tables/guarantor_search.tt | 16 ++++++++++++++-- .../en/modules/members/tables/members_results.tt | 12 ++++++++++-- 3 files changed, 27 insertions(+), 5 deletions(-) diff --git a/Koha/Template/Plugin/To.pm b/Koha/Template/Plugin/To.pm index 41adc70126..6bf56b1f74 100644 --- a/Koha/Template/Plugin/To.pm +++ b/Koha/Template/Plugin/To.pm @@ -27,7 +27,9 @@ sub json { my ( $self, $value ) = @_; my $json = JSON->new->allow_nonref(1); - return $json->encode( $value ); + $json = $json->encode($value); + $json =~ s/^"|"$//g; # Remove quotes around the strings + return $json; } 1; diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/guarantor_search.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/guarantor_search.tt index dab1f23cf3..dbe1af4c2c 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/guarantor_search.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/guarantor_search.tt @@ -1,4 +1,5 @@ [% USE To %] +[% USE Branches %] [% USE KohaDates %] { "sEcho": [% sEcho %], @@ -8,16 +9,27 @@ [% FOREACH data IN aaData %] { "dt_cardnumber": - "[% data.cardnumber %]", + "[% data.cardnumber |html %]", "dt_name": "[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = data.firstname surname = data.surname othernames = data.othernames cardnumber = data.cardnumber invert_name = 1%]", "dt_dateofbirth": "[% data.dateofbirth | $KohaDates %]", "dt_address": - "[% data.streetnumber %] [% data.address | html %] [% data.address2 | html %] [% data.city | html %] [% data.state | html %] [% data.zipcode | html %] [% data.country | html %] [% data.branchcode %]", + "[% INCLUDE escape_address data=data %]", "dt_action": "Select" }[% UNLESS loop.last %],[% END %] [% END %] ] } +[% BLOCK escape_address %] +[%~ SET address = data.streetnumber _ ' ' %] +[%~ IF data.address %][% SET address = address _ data.address _ ' ' %][% END %] +[%~ IF data.address2 %][% SET address = address _ data.address2 _ ' ' %][% END %] +[%~ IF data.city %][% SET address = address _ data.city _ ' ' %][% END %] +[%~ IF data.state %][% SET address = address _ data.state _ ' ' %][% END %] +[%~ IF data.zipcode %][% SET address = address _ data.zipcode _ ' ' %][% END %] +[%~ IF data.country %][% SET address = address _ data.country _ ' ' %][% END %] +[%~ SET address = address _ Branches.GetName( data.branchcode ) %] +[%~ To.json( address ) | html ~%] +[% END %] diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt index 00b02af4b7..236dcc3017 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/members_results.tt @@ -1,3 +1,4 @@ +[% USE To %] [% USE AuthorisedValues %] { "sEcho": [% sEcho %], @@ -11,9 +12,9 @@ "", [% END %] "dt_cardnumber": - "[% data.cardnumber %]", + "[% data.cardnumber | html %]", "dt_name": - "[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = data.firstname surname = data.surname othernames = data.othernames invert_name = 1%]
[% IF ( data.streetnumber ) %][% data.streetnumber %] [% END %][% IF ( data.streettype ) %][% AuthorisedValues.GetByCode( 'ROADTYPE', data.streettype ) %] [% END %][% data.address %][% IF ( data.address2 ) %]
[% data.address2 %][% END %][% IF ( data.city || data.state || data.zipcode || data.country) %]
[% END %][% IF ( data.city ) %][% data.city %][% IF ( data.state ) %],[% END %][% END %][% IF ( data.state ) %] [% data.state %][% END %] [% IF ( data.zipcode ) %] [% data.zipcode %][% END %][% IF ( data.country ) %], [% data.country %][% END %][% IF data.email %]
Email: [% data.email %][% END %]", + "[% INCLUDE 'patron-title.inc' borrowernumber = data.borrowernumber category_type = data.category_type firstname = data.firstname surname = data.surname othernames = data.othernames invert_name = 1 %]
[% INCLUDE escape_address data = data %]", "dt_category": "[% data.category_description |html %] ([% data.category_type |html %])", "dt_branch": @@ -34,3 +35,10 @@ [% END %] ] } +[% BLOCK escape_address %] +[%~ SET address = data.streetnumber _ ' ' %] +[%~ IF data.streettype %][% address = address _ AuthorisedValues.GetByCode( 'ROADTYPE', data.streettype ) _ ' ' %][% END %] +[%~ IF data.address %][% address = address _ data.address _ ' ' %][% END %] +[%~ IF data.address2 %][% address = address _ data.address2 _ ' ' %][% END %] +[%~ To.json( address ) | html ~%] +[% END %] -- 2.20.1