Nick Clemens
d6f99f0df1
TO test: 1 - Be signed in to Koha 2 - Add a manual invoice to an account, works fine 3 - Now do it via url: http://localhost:8081/cgi-bin/koha/members/maninvoice.pl?borrowernumber=5&type=test&amount=5&add=Save 4 - Apply patches 5 - Test that everything continues to work as expected (but more securely) 6 - Try adding a new invoice via URL 7 - Should get 'internal server error' and wrong csrf token in logs Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
[%# Plugins: Asset is used below for the script include. Koha and Branches are not referenced directly in this file; the included templates may rely on them (not visible here). -%]
[% USE Asset %]
[% USE Koha %]
[% USE Branches %]

[%# Set before any include is processed. Presumably tells the shared includes to emit page scripts in the footer; confirm in the includes. -%]
[% SET footerjs = 1 %]

[%# Document head: shared opening, page title, shared closing. -%]
[% INCLUDE 'doc-head-open.inc' %]
<title>Koha › Patrons › Create manual invoice</title>
[% INCLUDE 'doc-head-close.inc' %]
</head>

<body id="pat_maninvoice" class="pat">
[%# Shared staff-interface header and patron search bar. -%]
[% INCLUDE 'header.inc' %]
[% INCLUDE 'patron-search.inc' %]

<div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> › <a href="/cgi-bin/koha/members/members-home.pl">Patrons</a> › Manual invoice</div>

[%# Layout wrappers. They are opened here and closed further down, after the form. -%]
<div id="doc3" class="yui-t2">

<div id="bd">
<div id="yui-main">
<div class="yui-b">
[% INCLUDE 'members-toolbar.inc' %]

<!-- The manual invoice and credit buttons -->
<div class="statictabs">
    [%# Account tabs for the current patron; every link carries the patron's borrowernumber in the query string. -%]
    <ul>
        <li><a href="/cgi-bin/koha/members/boraccount.pl?borrowernumber=[% patron.borrowernumber %]">Account</a></li>
        <li><a href="/cgi-bin/koha/members/pay.pl?borrowernumber=[% patron.borrowernumber %]">Pay fines</a></li>
        <li class="active"><a href="/cgi-bin/koha/members/maninvoice.pl?borrowernumber=[% patron.borrowernumber %]">Create manual invoice</a></li>
        <li><a href="/cgi-bin/koha/members/mancredit.pl?borrowernumber=[% patron.borrowernumber %]">Create manual credit</a></li>
    </ul>
<div class="tabs-container">

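[%# Error branch: only the ITEMNUMBER case has a message. NOTE(review): when ERROR is set without ITEMNUMBER this container renders neither a message nor the form. -%]
[% IF ( ERROR ) %]
    [% IF ( ITEMNUMBER ) %]
        ERROR an invalid itemnumber was entered, please hit back and try again
    [% END %]
[% ELSE %]
    [%# Manual invoice form. Every value interpolated below goes through the html filter, so stored text cannot close an attribute or open a tag. -%]
    <form action="/cgi-bin/koha/members/maninvoice.pl" method="post" id="maninvoice">
        <input type="hidden" name="borrowernumber" id="borrowernumber" value="[% patron.borrowernumber | html %]" />
        [%# Anti-CSRF token. The handler (maninvoice.pl, not shown here) is expected to reject a request whose token is missing or wrong. Keep the form on POST so the token does not end up in URLs. -%]
        <input type="hidden" name="csrf_token" value="[% csrf_token | html %]" />
        <fieldset class="rows">
            <legend>Manual invoice</legend>
            <ol>
                <li>
                    [%# The label points at the select's id (invoice_type), not at its name (type). -%]
                    <label for="invoice_type">Type: </label>
                    <select name="type" id="invoice_type">
                        [%# Built-in invoice types. -%]
                        <option value="L">Lost item</option>
                        <option value="F">Fine</option>
                        <option value="A">Account management fee</option>
                        <option value="N">New card</option>
                        <option value="M">Sundry</option>
                        [%# Additional types from invoice_types_loop; the stored code is both the submitted value and the visible label. -%]
                        [% FOREACH invoice_types_loo IN invoice_types_loop %]
                            <option value="[% invoice_types_loo.authorised_value | html %]">[% invoice_types_loo.authorised_value | html %]</option>
                        [% END %]
                    </select>
                </li>
                <li><label for="barcode">Barcode: </label><input type="text" name="barcode" id="barcode" /></li>
                <li><label for="desc">Description: </label><input type="text" name="desc" id="desc" size="50" /></li>
                <li><label for="note">Note: </label><input type="text" name="note" size="50" id="note" /></li>
                [%# min and required are browser-side checks only; the server still has to validate the amount. -%]
                <li><label for="amount">Amount: </label><input type="number" name="amount" id="amount" required="required" value="" step="any" min="0" /> Example: 5.00</li>
            </ol>
        </fieldset>
        <fieldset class="action"><input type="submit" name="add" value="Save" /> <a class="cancel" href="/cgi-bin/koha/members/boraccount.pl?borrowernumber=[% patron.borrowernumber | uri %]">Cancel</a></fieldset>
    </form>

[% END %]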
[%# Close div.tabs-container, then div.statictabs. -%]
</div>
</div>

[%# Close the main column (div.yui-b), then #yui-main. -%]
</div>
</div>

[%# Secondary column: the patron circulation menu. -%]
<div class="yui-b">
    [% INCLUDE 'circ-menu.inc' %]
</div>

[%# Close #bd. #doc3 is not closed in this file; presumably intranet-bottom.inc closes it (confirm). -%]
</div>

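[%# Page scripts, wrapped in a macro. The macro is not called in this file; presumably intranet-bottom.inc invokes it when footerjs is set (confirm). -%]
[% MACRO jsinclude BLOCK %]
    [% Asset.js("js/members-menu.js") %]
    <script type="text/javascript">
        // Amount to prefill for each invoice type; the five built-in types have none.
        var type_fees = {'L':'','F':'','A':'','N':'','M':''};
        [%# Stored values are percent-encoded by the uri filter and decoded in the browser. A quote, backslash, newline or closing script tag in the data therefore cannot end the string literal or the script element, and the decoded key still equals the option value. -%]
        [% FOREACH invoice_types_loo IN invoice_types_loop %]
            type_fees[decodeURIComponent("[% invoice_types_loo.authorised_value | uri %]")] = decodeURIComponent("[% invoice_types_loo.lib | uri %]");
        [% END %]
        $(document).ready(function(){
            // Project helper defined elsewhere; by its name it guards against a second submit.
            $('#maninvoice').preventDoubleFormSubmit();
            // Marks the row inputs with a class that other scripts presumably use to ignore Enter.
            $("fieldset.rows input, fieldset.rows select").addClass("noEnterSubmit");
            // Choosing a type copies its code into Description and its stored amount into Amount.
            $("#invoice_type").on("change",function(){
                var selected = this.options[this.selectedIndex].value;
                this.form.desc.value = selected;
                this.form.amount.value = type_fees[selected];
            });
        });
    </script>
[% END %]

[% INCLUDE 'intranet-bottom.inc' %]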