From 190c9058cbe0c70fc6f059ef54827a3fbd0f4223 Mon Sep 17 00:00:00 2001
From: pbarroca <pbarroca@afi-sa.fr>
Date: Wed, 4 Nov 2015 10:34:35 +0100
Subject: [PATCH] rel #31887: escape html sensitive chars in url

---
 VERSIONS_HOTLINE/31887                                         | 1 +
 library/ZendAfi/View/Helper/TagSearchExtension.php             | 3 ++-
 .../controllers/RechercheControllerSearchExtensionTest.php     | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)
 create mode 100644 VERSIONS_HOTLINE/31887

diff --git a/VERSIONS_HOTLINE/31887 b/VERSIONS_HOTLINE/31887
new file mode 100644
index 00000000000..6fa924c607a
--- /dev/null
+++ b/VERSIONS_HOTLINE/31887
@@ -0,0 +1 @@
+ - ticket #31887 : Correction de la prise en charge de l'extension de recherche vers Gallica
\ No newline at end of file
diff --git a/library/ZendAfi/View/Helper/TagSearchExtension.php b/library/ZendAfi/View/Helper/TagSearchExtension.php
index 5dbd86ac584..285ac6a7084 100644
--- a/library/ZendAfi/View/Helper/TagSearchExtension.php
+++ b/library/ZendAfi/View/Helper/TagSearchExtension.php
@@ -60,8 +60,9 @@ class ZendAfi_View_Helper_TagSearchExtension extends ZendAfi_View_Helper_BaseHel
     if (!$site_url || !$site_label)
       return null;
 
+    $url = $this->_injectSearchTerm($site_url);
     return $this->_tag('span',
-                       $this->view->tagAnchor($this->_injectSearchTerm($site_url),
+                       $this->view->tagAnchor($this->view->escape($url),
                                               $site_label));
   }
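Review bot: `$site_label` is still passed to `tagAnchor()` unescaped on the line after the now-escaped URL, and nothing in this hunk shows whether `tagAnchor()` encodes its text argument. If it does not, a label containing markup would be rendered as-is; `$this->view->escape($site_label)` at the call would close that gap. Escaping inside `tagAnchor()` would protect every caller, but this call site would then have to drop its own `escape()` to avoid double-encoding `&`. `escape()` presumably does only HTML entity encoding, so it stops attribute breakout but neither URL-encodes the search term nor restricts the URL scheme. Both of those would belong in `_injectSearchTerm()` or in validation of `$site_url`, which are outside this hunk, as is the start of the enclosing method.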
 
diff --git a/tests/application/modules/opac/controllers/RechercheControllerSearchExtensionTest.php b/tests/application/modules/opac/controllers/RechercheControllerSearchExtensionTest.php
index 2d82cfd57e1..4b99bbb9b1b 100644
--- a/tests/application/modules/opac/controllers/RechercheControllerSearchExtensionTest.php
+++ b/tests/application/modules/opac/controllers/RechercheControllerSearchExtensionTest.php
@@ -148,7 +148,7 @@ class RechercheControllerSearchExtensionEnabledTest
 
   /** @test */
   public function gallicaLinkShouldBeRendered() {
-    $this->assertXPathContentContains('//a[contains(@href, "gallica all ")]',
+    $this->assertXPathContentContains('//a[contains(@href, "gallica all ")][contains(@href, "sport")]',
                                       'Gallica');
   }
 }
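Review bot: The updated XPath in `gallicaLinkShouldBeRendered` only shows that the term `sport` reaches the `href`; it does not show that other HTML-sensitive characters in a search expression are encoded. A companion test whose search expression contains `&` and `<`, asserting that the parsed `href` holds the term intact and that no extra element appears inside the `span`, would pin the behaviour this commit adds. The fixture that sets the search expression is outside this hunk, so the exact setup has to be taken from the class's existing `setUp`.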
-- 
GitLab