Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/supplier.tt
Jonathan Druart 6c1b39b4cb Bug 16095: Remove target="_blank" when a link refer to an external link 
If you click on a link that opens a new tab/window to another site, that tab
has access to the original window through JavaScript. The browsing context is
related, even if the domains are totally different.

The tab retains access to the original window's object via window.opener, even
if you navigate to another page or domain, in the new or original window.
Access to the Window object means the new window can use Window.location to
open a different URL in the original window, perfect for phishing attacks.

Depending on the site's Same-Origin Policy settings, the new window may have
access to other parts of the original window's DOM as well.

Any  'A HREF' that contains a target of of '_blank' or '_new' or a fixed name
is vulnerable. Previous security best practice often suggested creating a random
fixed name for an unpredictable namespace - that won't help with this problem!
Targets of '_self' and '_parent' are safe.

We do not use _new (at first glance) but several _blank. Some are used
to refer internal url, we do not need to update or remove them. Others
are used to satisfy OPACURLOpenInNewWindow, in these case, we should add
the rel="noreferrer" attribute to the a tags.
In other cases, we can simply remove them and let the users discover
that a mouse has more than one button (we are in 2016, they can do it!)

Signed-off-by: Chris <chrisc@catalyst.net.nz>

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-21 20:44:52 +00:00

402 lines
22 KiB
Text
Raw Blame History

[% USE KohaDates %]
[% BLOCK edit_contact %]
<ol id="contact-form">
<input type="hidden" name="contact_id" value="[% contact.id %]" />
<li><label for="contact_name[% contact.id %]">Contact name: </label>
<input type="text" size="40" id="contact_name[% contact.id %]" name="contact_name" value="[% contact.name %]" /></li>
<li><label for="contact_position[% contact.id %]">Position: </label>
<input type="text" size="40" id="contact_position[% contact.id %]" name="contact_position" value="[% contact.position %]" /></li>
<li><label for="contact_phone[% contact.id %]">Phone: </label>
<input type="text" size="20" id="contact_phone[% contact.id %]" name="contact_phone" value="[% contact.phone %]" /> </li>
<li><label for="contact_altphone[% contact.id %]">Alternative phone: </label>
<input type="text" size="20" id="contact_altphone[% contact.id %]" name="contact_altphone" value="[% contact.altphone %]" /></li>
<li><label for="contact_fax[% contact.id %]">Fax: </label>
<input type="text" size="20" id="contact_fax[% contact.id %]" name="contact_fax" value="[% contact.fax %]" /></li>
<li><label for="contact_email[% contact.id %]">Email: </label>
<input type="text" size="40" id="contact_email[% contact.id %]" name="contact_email" value="[% contact.email %]" /></li>
<li><label for="contact_notes[% contact.id %]">Notes: </label>
<textarea id="contact_notes[% contact.id %]" name="contact_notes" cols="40" rows="4">[% contact.notes %]</textarea></li>
<li><label for="contact_acqprimary[% contact.id %]">Primary acquisitions contact</label>
[% IF contact.acqprimary %]
<input type="checkbox" id="contact_acqprimary[% contact.id %]" class="contact_acqprimary" checked="checked"></input>
[% ELSE %]
<input type="checkbox" id="contact_acqprimary[% contact.id %]" class="contact_acqprimary"></input>
[% END %]
<input type="hidden" class="contact_acqprimary_hidden" name="contact_acqprimary" value="[% contact.acqprimary %]"></input>
<li><label for="contact_serialsprimary[% contact.id %]">Primary serials contact</label>
[% IF contact.serialsprimary %]
<input type="checkbox" id="contact_serialsprimary[% contact.id %]" class="contact_serialsprimary" checked="checked"></input>
[% ELSE %]
<input type="checkbox" id="contact_serialsprimary[% contact.id %]" class="contact_serialsprimary"></input>
[% END %]
<input type="hidden" class="contact_serialsprimary_hidden" name="contact_serialsprimary" value="[% contact.serialsprimary %]"></input>
<li><label for="contact_claimacquisition[% contact.id %]">Contact about late orders?</label>
[% IF contact.claimacquisition %]
<input type="checkbox" id="contact_claimacquisition[% contact.id %]" class="contact_claimacquisition" checked="checked"></input>
[% ELSE %]
<input type="checkbox" id="contact_claimacquisition[% contact.id %]" class="contact_claimacquisition"></input>
[% END %]
<input type="hidden" class="contact_claimacquisition_hidden" name="contact_claimacquisition" value="[% contact.claimacquisition %]"></input>
<li><label for="contact_claimissues[% contact.id %]">Contact about late issues?</label>
[% IF contact.claimissues %]
<input type="checkbox" id="contact_claimissues[% contact.id %]" class="contact_claimissues" checked="checked"></input>
[% ELSE %]
<input type="checkbox" id="contact_claimissues[% contact.id %]" class="contact_claimissues"></input>
[% END %]
<input type="hidden" class="contact_claimissues_hidden" name="contact_claimissues" value="[% contact.claimissues %]"></input>
</li>
[% IF contact.id %]<li><button class="btn delete-contact"><i class="fa fa-remove"></i> Delete contact</li>[% END %]
</ol>
[% END %]
[% BLOCK show_contact %]
<h3>[% contact.name %]</h3>
<p><span class="label">Position: </span>[% contact.position %]</p>
<p><span class="label">Phone: </span>[% contact.phone %]</p>
<p><span class="label">Alternative phone: </span>[% contact.altphone %]</p>
<p><span class="label">Fax: </span>[% contact.fax %]</p>
[% IF ( contact.email ) %]
<p><span class="label">Email: </span><a href="mailto:[% contact.email %]">[% contact.email %]</a></p>
[% END %]
[% IF ( contact.notes ) %]
<p><span class="label">Notes: </span>[% contact.notes %]</p>
[% END %]
[% IF ( contact.acqprimary ) %]
<p><span class="label">Primary acquisitions contact</span></p>
[% END %]
[% IF ( contact.serialsprimary ) %]
<p><span class="label">Primary serials contact</span></p>
[% END %]
[% IF ( contact.claimacquisition ) %]
<p><span class="label">Receives claims for late orders</span></p>
[% END %]
[% IF ( contact.claimissues ) %]
<p><span class="label">Receives claims for late issues</span></p>
[% END %]
[% END %]
[% INCLUDE 'doc-head-open.inc' %]
<title>Koha &rsaquo; Vendor [% bookselname %]</title>
<link rel="stylesheet" type="text/css" href="[% themelang %]/css/datatables.css" />
[% INCLUDE 'doc-head-close.inc' %]
[% INCLUDE 'datatables.inc' %]
<script type="text/javascript">
//<![CDATA[
function confirm_deletion() {
if (confirm(_("Confirm deletion of this vendor ?"))) {
window.location="/cgi-bin/koha/acqui/supplier.pl?booksellerid=[% booksellerid %]&op=delete";
}
}
function add_contact() {
var new_contact = $('#contact-template').clone();
var timestamp = new Date().getTime();
$(new_contact).removeAttr('id');
$('input, textarea', new_contact).each(function () {
$(this).attr('id', $(this).attr('id') + '_' + timestamp);
});
$('label', new_contact).each(function () {
$(this).attr('for', $(this).attr('for') + '_' + timestamp);
});
$(new_contact).insertBefore(this);
if ($('.supplier-contact').length === 2) { // First contact
$.each(['.contact_acqprimary', '.contact_serialsprimary', '.contact_claimacquisition', '.contact_claimissues'], function (idx, checkbox) {
$(checkbox, new_contact).click();
});
}
$('input[name="contact_name"]', new_contact).focus();
return false;
}
function delete_contact(ev) {
$(this).parents('.supplier-contact').remove();
ev.preventDefault();
}
$(document).ready(function() {
var contractst = $("#contractst").dataTable($.extend(true, {}, dataTablesDefaults, {
"aoColumnDefs": [
{ "aTargets": [ -1, -2 ], "bSortable": false, "bSearchable": false },
{ "sType": "title-string", "aTargets" : [ "title-string" ] }
],
'sDom': 't'
} ) );
$('body').on('click', '.delete-contact', null, delete_contact);
$('#add-contact').click(add_contact);
$('body').on('click', '.contact_acqprimary', null, function () {
if ($(this).attr('checked') === 'checked') {
$('.contact_acqprimary').filter(':checked').not(this).removeAttr('checked');
$('.contact_acqprimary_hidden').each(function () {
$(this).val('0');
});
}
$(this).next('.contact_acqprimary_hidden').val('1');
});
$('body').on('click', '.contact_serialsprimary', null, function () {
if ($(this).attr('checked') === 'checked') {
$('.contact_serialsprimary').filter(':checked').not(this).removeAttr('checked');
$('.contact_serialsprimary_hidden').each(function () {
$(this).val('0');
});
}
$(this).next('.contact_serialsprimary_hidden').val($(this).attr('checked') === 'checked' ? '1' : '0');
});
$('body').on('click', '.contact_claimacquisition', null, function () {
$(this).next('.contact_claimacquisition_hidden').val($(this).attr('checked') === 'checked' ? '1' : '0');
});
$('body').on('click', '.contact_claimissues', null, function () {
$(this).next('.contact_claimissues_hidden').val($(this).attr('checked') === 'checked' ? '1' : '0');
});
});
//]]>
</script>
</head>
<body id="acq_supplier" class="acq">
[% INCLUDE 'header.inc' %]
[% INCLUDE 'acquisitions-search.inc' %]
<div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; <a href="/cgi-bin/koha/acqui/acqui-home.pl">Acquisitions</a> &rsaquo; [% IF ( enter ) %][% IF ( booksellerid ) %] <a href="/cgi-bin/koha/acqui/supplier.pl?booksellerid=[% booksellerid %]">[% name %]</a> &rsaquo; Update: [% name %][% ELSE %]Add vendor[% END %] [% ELSE %][% name %][% END %]</div>
<div id="doc3" class="yui-t2">
<div id="bd">
<div id="yui-main">
<div class="yui-b">
[% IF ( enter ) %]
[% IF ( booksellerid ) %]
<h1>Update: [% name %]</h1>
[% ELSE %]
<h1>Add vendor</h1>
[% END %]
[% END %]
[% UNLESS ( enter ) %][% INCLUDE 'acquisitions-toolbar.inc' %][% END %]
[% IF ( enter ) %]
<form action="updatesupplier.pl" name="updatesupplier" class="validated" method="post">
<div class="yui-g">
<input type="hidden" name="booksellerid" value="[% booksellerid %]" />
<fieldset class="rows">
<legend>Company details</legend>
<ol><li><label for="company" class="required">Name:</label>
<input type="text" size="40" id="company" name="company" value="[% name %]" required="required" class="required" /><span class="required">Required</span></li>
<li><label for="company_postal">Postal address: </label>
<textarea id="company_postal" name="company_postal" cols="40" rows="3">[% postal %]</textarea></li>
<li><label for="physical">Physical address: </label>
<textarea id="physical" name="physical" cols="40" rows="3">[% address1 %][% address2 %][% address3 %][% address4 %]</textarea></li>
<li><label for="company_phone">Phone: </label>
<input type="text" size="20" id="company_phone" name="company_phone" value="[% phone %]" /></li>
<li><label for="company_fax">Fax: </label>
<input type="text" size="20" id="company_fax" name="company_fax" value="[% fax %]" /></li>
<li><label for="website">Website: </label>
<input type="text" size="40" id="website" name="website" value="[% url %]" /></li>
<li><label for="accountnumber">Account number: </label>
<input type="text" size="40" id="accountnumber" name="accountnumber" value="[% accountnumber %]" /></li></ol>
</fieldset>
<fieldset class="rows">
<legend>Contacts</legend>
<fieldset id="contact-template" class="supplier-contact">
<legend>Contact details</legend>
[% INCLUDE edit_contact %]
</fieldset>
[% FOREACH contact IN contacts %]
<fieldset class="supplier-contact">
<legend>Contact details</legend>
[% INCLUDE edit_contact %]
</fieldset>
[% END %]
<button id="add-contact" class="btn"><i class="fa fa-plus"></i> Add another contact</button>
</fieldset>
</div>
<div class="yui-g">
<fieldset class="rows">
<legend>Ordering information</legend>
<ol class="radio"><li><label for="activestatus" class="radio">Vendor is:</label>
[% IF ( active ) %]
<label for="activestatus">Active</label> <input type="radio" id="activestatus" name="status" value="1" checked="checked" />
<label for="inactivestatus">Inactive</label> <input type="radio" id="inactivestatus" name="status" value="0" />
[% ELSE %]
<label for="activestatus">Active</label> <input type="radio" id="activestatus" name="status" value="1" />
<label for="inactivestatus">Inactive</label> <input type="radio" id="inactivestatus" name="status" value="0" checked="checked" />
[% END %]</li>
</ol>
<ol>
<li><label for="list_currency">List prices are: </label>
<select name="list_currency" id="list_currency">
[% FOREACH currency IN currencies %]
[% IF booksellerid and currency.currency == listprice or not booksellerid and currency.active %]
<option value="[% currency.currency %]" selected="selected">[% currency.currency %]</option>
[% ELSIF not currency.archived %]
<option value="[% currency.currency %]" selected="selected">[% currency.currency %]</option>
[% END %]
[% END %]
</select>
</li>
<li><label for="invoice_currency">Invoice prices are: </label>
<select name="invoice_currency" id="invoice_currency">
[% FOREACH currency IN currencies %]
[% IF booksellerid and currency.currency == invoiceprice or not booksellerid and currency.active %]
<option value="[% currency.currency %]" selected="selected">[% currency.currency %]</option>
[% ELSIF not currency.archived %]
<option value="[% currency.currency %]" selected="selected">[% currency.currency %]</option>
[% END %]
[% END %]
</select>
</li>
</ol>
<ol class="radio">
<li><label for="gstyes" class="radio">Tax number registered:</label>
[% IF ( gstreg ) %]
<label for="gstyes">Yes</label> <input type="radio" name="gst" id="gstyes" value="1" checked="checked" />
<label for="gstno">No</label> <input type="radio" name="gst" id="gstno" value="0" />
[% ELSE %]
<label for="gstyes">Yes</label> <input type="radio" name="gst" id="gstyes" value="1" />
<label for="gstno">No</label> <input type="radio" name="gst" id="gstno" value="0" checked="checked" />
[% END %]</li>
<li><label for="list_gstyes" class="radio">List prices:</label>
[% IF ( listincgst ) %]
<label for="list_gstyes">Include tax</label> <input type="radio" id="list_gstyes" name="list_gst" value="1" checked="checked" />
<label for="list_gstno">Don't include tax</label> <input type="radio" id="list_gstno" name="list_gst" value="0" />
[% ELSE %]
<label for="list_gstyes">Include tax</label> <input type="radio" id="list_gstyes" name="list_gst" value="1" />
<label for="list_gstno">Don't include tax</label> <input type="radio" id="list_gstno" name="list_gst" value="0" checked="checked" />
[% END %]</li>
<li><label for="invoice_gstyes" class="radio">Invoice prices:</label>
[% IF ( invoiceincgst ) %]
<label for="invoice_gstyes">Include tax</label> <input type="radio" id="invoice_gstyes" name="invoice_gst" value="1" checked="checked" />
<label for="invoice_gstno">Don't include tax</label> <input type="radio" id="invoice_gstno" name="invoice_gst" value="0" />
[% ELSE %]
<label for="invoice_gstyes">Include tax</label> <input type="radio" id="invoice_gstyes" name="invoice_gst" value="1" />
<label for="invoice_gstno">Don't include tax</label> <input type="radio" id="invoice_gstno" name="invoice_gst" value="0" checked="checked" />
[% END %]</li>
</ol>
[% IF gst_values %]
<ol>
<li>
<label for="gstrate">Tax rate: </label>
<select name="gstrate" id="gstrate">
[% FOREACH gst IN gst_values %]
[% IF ( gstrate == gst.option ) %]
<option value="[% gst.option %]" selected="selected">[% gst.option * 100 | format ("%.1f") %] %</option>
[% ELSE %]
<option value="[% gst.option %]">[% gst.option * 100 | format ("%.1f") %] %</option>
[% END %]
[% END %]
</select>
</li>
</ol>
[% ELSE %]
<input type="hidden" name="gstrate" value="0" />
[% END %]
<ol>
<li><label for="discount">Discount: </label>
<input type="text" size="6" id="discount" name="discount" value="[% discount | format ("%.1f") %]" />%</li>
<li>
<label for="deliverytime">Delivery time: </label>
<input type="text" size="2" id="deliverytime" name="deliverytime" value="[% deliverytime %]" /> days
</li>
<li><label for="notes">Notes: </label>
<textarea cols="40" rows="4" id="notes" name="notes" >[% notes %]</textarea></li></ol>
</fieldset>
<fieldset class="action"><input type="submit" value="Save" /> [% IF ( booksellerid ) %]
<a class="cancel" href="/cgi-bin/koha/acqui/supplier.pl?booksellerid=[% booksellerid %]">[% ELSE %]<a class="cancel" href="/cgi-bin/koha/acqui/acqui-home.pl">
[% END %]Cancel</a></fieldset>
</div>
</form>
[% ELSE %]
<h1>[% name %]</h1>
<div class="yui-g">
<div id="supplier-company-details" class="yui-u first">
<h2>Vendor details</h2>
<p><span class="label">Company name: </span>[% name %]</p>
<p><span class="label">Postal address: </span>[% postal %]</p>
<p><span class="label">Physical address: </span>[% address1 %][% address2 %][% address3 %][% address4 %]</p>
<p><span class="label">Phone: </span>[% phone %]</p>
<p><span class="label">Fax: </span>[% fax %]</p>
[% IF ( url ) %]
<p><span class="label">Website: </span><a href="[% url %]">[% url %]</a></p>
[% END %]
[% IF ( accountnumber ) %]
<p><span class="label">Account number: </span>[% accountnumber %]</p>
[% END %]
<div id="supplier-ordering-information">
<h2>Ordering information</h2>
<p><strong>Vendor is: </strong>
[% IF ( active ) %]
Active
[% ELSE %]
Inactive
[% END %]</p>
<p><strong>List prices are: </strong>[% listprice %]</p>
<p><strong>Invoice prices are: </strong>[% invoiceprice %]</p>
[% IF ( gstrate ) %]<p><strong>Tax number registered: </strong>
[% IF ( gstreg ) %]Yes[% ELSE %]No[% END %]</p>
<p><strong>List item price includes tax: </strong>
[% IF ( listincgst ) %]Yes[% ELSE %]No[% END %]</p>
<p><strong>Invoice item price includes tax: </strong>
[% IF ( invoiceincgst ) %]Yes[% ELSE %]No[% END %]</p>[% END %]
<p><strong>Discount: </strong>
[% discount | format("%.1f") %] %</p>
<p><strong>Tax rate: </strong>
[% 0 + gstrate * 100 | format("%.1f") %] %</p>
[% IF deliverytime.defined %]
<p><strong>Delivery time: </strong>
[% deliverytime %] days</p>
[% END %]
[% IF ( notes ) %]<p><strong>Notes: </strong>
[% notes %]</p>[% END %]
</div>
</div>
<div class="supplier-contact-details yui-u">
<h2>Contact</h2>
[% FOREACH contact IN contacts %]
[% INCLUDE show_contact %]
[% END %]
</div>
</div>
[% IF ( contracts ) %]
<div id="supplier-contracts" class="yui-g">
<h2>Contract(s)</h2>
<table id="contractst">
<thead>
<tr>
<th scope="col">Name</th>
<th scope="col">Description</th>
<th scope="col" class="title-string">Start date</th>
<th scope="col" class="title-string">End date</th>
<th scope="col">&nbsp; </th>
<th scope="col">&nbsp; </th>
</tr>
</thead>
<tbody>
[% FOREACH contract IN contracts %]
<tr>
<td>
<a href="/cgi-bin/koha/admin/aqcontract.pl?op=add_form&amp;contractnumber=[% contract.contractnumber %]&amp;booksellerid=[% contract.booksellerid %]">[% contract.contractname %]</a>
</td>
<td>[% contract.contractdescription %]</td>
<td><span title="[% contract.contractstartdate %]">[% contract.contractstartdate | $KohaDates %]</span></td>
<td><span title="[% contract.contractenddate %]">[% contract.contractenddate | $KohaDates %]</span></td>
<td><a href="/cgi-bin/koha/admin/aqcontract.pl?op=add_form&amp;contractnumber=[% contract.contractnumber %]&amp;booksellerid=[% contract.booksellerid %]">Edit</a></td>
<td><a href="/cgi-bin/koha/admin/aqcontract.pl?op=delete_confirm&amp;contractnumber=[% contract.contractnumber %]&amp;booksellerid=[% contract.booksellerid %]">Delete</a></td>
</tr>
[% END %]
</tbody>
</table>
</div>
[% END %]
[% END %]
</div>
</div>
<div class="yui-b">
[% INCLUDE 'vendor-menu.inc' %]
</div>
</div>
[% INCLUDE 'intranet-bottom.inc' %]
View git blame Copy permalink