Bug 19612: Fix XSS in members/memberentry.pl

[koha.git] / koha-tmpl / intranet-tmpl / prog / en / includes / member-display-alt-address-style-us.inc

diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/member-display-alt-address-style-us.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/member-display-alt-address-style-us.inc
index a138b6e..78830ff 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/member-display-alt-address-style-us.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/member-display-alt-address-style-us.inc
@@ -4,13 +4,13 @@
         [% IF B_streettype %]
             [% SET roadtype_desc = AuthorisedValues.GetByCode('ROADTYPE', B_streettype) %]
         [% END %]
-        <li class="patronaddress1">[% if (B_streetnumber) %][% B_streetnumber %][% end %] [% B_address %] [% IF roadtype_desc %][% roadtype_desc %] [% END %][% end %]</li>
+        <li class="patronaddress1">[% if (B_streetnumber) %][% B_streetnumber |html %][% end %] [% B_address |html %] [% IF roadtype_desc %][% roadtype_desc |html %] [% END %][% end %]</li>
     [% END %]
     [% IF ( B_address2 ) %]
-        <li class="patronaddress2">[% B_address2 %]</li>
+        <li class="patronaddress2">[% B_address2 |html %]</li>
     [% END %]
 [% END %]
 [% IF ( B_city ) %]<li class="patroncity">
-        [% B_city %][% IF ( B_state ) %], [% B_state %][% END %]
-        [% B_zipcode %][% IF ( B_country ) %], [% B_country %][% END %]</li>
+        [% B_city |html %][% IF ( B_state ) %], [% B_state |html %][% END %]
+        [% B_zipcode |html %][% IF ( B_country ) %], [% B_country |html %][% END %]</li>
 [% END %]