From 1726ff377bf2609f114214114e9857f0625c7fa1 Mon Sep 17 00:00:00 2001
From: Demian Katz <demian.katz@villanova.edu>
Date: Thu, 10 Sep 2020 08:03:49 -0400
Subject: [PATCH] Fix escaping bug (resolves VUFIND-1428).

---
 .../bootstrap3/templates/RecordDriver/DefaultRecord/cover.phtml | 2 +-
 themes/bootstrap3/templates/RecordDriver/EDS/cover.phtml        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/themes/bootstrap3/templates/RecordDriver/DefaultRecord/cover.phtml b/themes/bootstrap3/templates/RecordDriver/DefaultRecord/cover.phtml
index 96be04e6856..3aa16151aea 100644
--- a/themes/bootstrap3/templates/RecordDriver/DefaultRecord/cover.phtml
+++ b/themes/bootstrap3/templates/RecordDriver/DefaultRecord/cover.phtml
@@ -9,7 +9,7 @@
   <div class="ajaxcover">
     <div class="spinner"><i class="fa fa-spinner fa-spin"></i> <?=$this->translate('Loading')?>...</div>
     <div class="cover-container">
-      <img <?php if ($linkPreview): ?>data-linkpreview="true" <?php endif; ?>data-recordsource="<?=$driver->getSourceIdentifier()?>" data-recordid="<?=$driver->getUniqueID()?>" data-coversize="<?=$size?>" class="recordcover ajax" alt="<?=$this->escapeHtmlAttr($alt); ?>" />
+      <img <?php if ($linkPreview): ?>data-linkpreview="true" <?php endif; ?>data-recordsource="<?=$this->escapeHtmlAttr($driver->getSourceIdentifier())?>" data-recordid="<?=$this->escapeHtmlAttr($driver->getUniqueID())?>" data-coversize="<?=$this->escapeHtmlAttr($size)?>" class="recordcover ajax" alt="<?=$this->escapeHtmlAttr($alt); ?>" />
     </div>
   </div>
 <?php endif; ?>
diff --git a/themes/bootstrap3/templates/RecordDriver/EDS/cover.phtml b/themes/bootstrap3/templates/RecordDriver/EDS/cover.phtml
index e72e14c98c1..1c7f8a68151 100644
--- a/themes/bootstrap3/templates/RecordDriver/EDS/cover.phtml
+++ b/themes/bootstrap3/templates/RecordDriver/EDS/cover.phtml
@@ -13,7 +13,7 @@
   <div class="ajaxcover">
     <div class="spinner"><i class="fa fa-spinner fa-spin"></i> <?=$this->translate('Loading')?>...</div>
     <div class="cover-container">
-      <img <?php if ($linkPreview): ?>data-linkpreview="true" <?php endif; ?>data-recordsource="<?=$driver->getSourceIdentifier()?>" data-recordid="<?=$driver->getUniqueID()?>" data-coversize="<?=$size?>" class="recordcover ajax" alt="<?=$this->escapeHtmlAttr($alt); ?>" />
+      <img <?php if ($linkPreview): ?>data-linkpreview="true" <?php endif; ?>data-recordsource="<?=$this->escapeHtmlAttr($driver->getSourceIdentifier())?>" data-recordid="<?=$this->escapeHtmlAttr($driver->getUniqueID())?>" data-coversize="<?=$this->escapeHtmlAttr($size)?>" class="recordcover ajax" alt="<?=$this->escapeHtmlAttr($alt); ?>" />
     </div>
   </div>
 <?php endif; ?>
-- 
GitLab