Bug 19612: Fix XSS in members/memberentry.pl

[koha.git] / koha-tmpl / intranet-tmpl / prog / en / includes / member-display-address-style-us.inc

diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/member-display-address-style-us.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/member-display-address-style-us.inc
index d8dc12f..2e80d33 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/member-display-address-style-us.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/member-display-address-style-us.inc
@@ -4,13 +4,13 @@
         [% IF streettype %]
             [% SET roadtype_desc = AuthorisedValues.GetByCode('ROADTYPE', streettype) %]
         [% END %]
-        <li class="patronaddress1">[% if (streetnumber) %][% streetnumber %][% end %] [% address %] [% IF roadtype_desc %][% roadtype_desc %] [% END %][% end %]</li>
+        <li class="patronaddress1">[% if (streetnumber) %][% streetnumber |html  %][% end %] [% address |html %] [% IF roadtype_desc %][% roadtype_desc |html  %] [% END %][% end %]</li>
     [% END %]
     [% IF ( address2 ) %]
-        <li class="patronaddress2">[% address2 %]</li>
+        <li class="patronaddress2">[% address2 |html  %]</li>
     [% END %]
 [% END %]
 [% IF ( city ) %]<li class="patroncity">
-        [% city %][% IF ( state ) %], [% state %][% END %]
-        [% zipcode %][% IF ( country ) %], [% country %][% END %]</li>
+        [% city |html  %][% IF ( state ) %], [% state |html  %][% END %]
+        [% zipcode |html  %][% IF ( country ) %], [% country |html  %][% END %]</li>
 [% END %]