Koha/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-downloadshelf.tt
Jonathan Druart bb4543f7db Bug 16599: Fix other potentials XSS for shelfname
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-30 11:12:15 +00:00

120 lines
6.2 KiB
Text

[% USE Koha %]
[% IF ( fullpage ) %]
[% INCLUDE 'doc-head-open.inc' %]
<title>[% IF ( LibraryNameTitle ) %][% LibraryNameTitle %][% ELSE %]Koha online[% END %] catalog &rsaquo; Download list [% shelf.shelfname | html %]</title>[% INCLUDE 'doc-head-close.inc' %]
[% BLOCK cssinclude %][% END %]
</head>
[% INCLUDE 'bodytag.inc' bodyid='opac-downloadlist' %]
[% INCLUDE 'masthead.inc' %]
<div class="main">
<ul class="breadcrumb">
<li><a href="/cgi-bin/koha/opac-main.pl">Home</a> <span class="divider">&rsaquo;</span></li>
[% IF ( loggedinusername ) %]
<li><a href="/cgi-bin/koha/opac-user.pl">[% USER_INFO.title %] [% USER_INFO.firstname %] [% USER_INFO.surname %]</a> <span class="divider">&rsaquo;</span></li>
[% END %]
<li>
[% IF shelf.category == 1 %]
<a href="/cgi-bin/koha/opac-shelves.pl?op=list&amp;category=1">Your lists</a>
[% ELSE %]
<a href="/cgi-bin/koha/opac-shelves.pl?op=list&amp;category=2">Public lists</a>
[% END %]
<span class="divider">&rsaquo;</span>
</li>
<li>Download list <i>[% shelf.shelfname | html %]</i></li>
</ul>
<div class="container-fluid">
<div class="row-fluid">
[% IF ( OpacNav||loggedinusername ) %]
<div class="span2">
<div id="navigation">
[% INCLUDE 'navigation.inc' IsPatronPage=1 %]
</div>
</div>
[% END %]
[% IF ( OpacNav||loggedinusername ) %]
<div class="span10">
[% ELSE %]
<div class="span12">
[% END %]
[% END # / IF fullpage %]
<div id="userdownloadshelf" class="maincontent">
[% UNLESS ( invalidlist ) %]
[% IF ( format ) %]
<div class="alert alert-info">
<p>Your download should begin automatically.</p>
</div>
[% ELSE %]
<h1>Download list <i>[% shelf.shelfname | html %]</i></h1>
<form method="post" action="/cgi-bin/koha/opac-downloadshelf.pl">
<fieldset>
<select name="format" id="dlformat" required="required">
<option value="">-- Choose format --</option>
<option value="ris">RIS (Zotero, EndNote, others)</option>
<option value="bibtex">BibTeX</option>
<option value="isbd">ISBD</option>
<option value="iso2709">MARC</option>
[% FOREACH csv_profile IN csv_profiles %]
<option value="[% csv_profile.export_format_id |html %]">CSV - [% csv_profile.profile |html %]</option>
[% END %]
</select>
<span class="required">Required</span>
</fieldset>
<fieldset class="action">
<input type="hidden" name="shelfnumber" value="[% shelf.shelfnumber | html %]" />
<input type="submit" name="save" class="btn" value="Go" />
<a href="/cgi-bin/koha/opac-shelves.pl?op=view&amp;shelfnumber=[% shelf.shelfnumber | html %]" class="cancel close" data-dismiss="modal">Cancel</a>
</fieldset>
</form>
[% IF ( modal ) %]
<script type="text/javascript">
//<![CDATA[
$(document).ready(function(){
$("#userdownloadshelf form").on("submit",function(e){
if( $("#dlformat").val() == "" ){
e.preventDefault();
alert(_("Please choose a download format"));
} else {
$("#modalWin").modal("hide");
}
});
});
//]]>
</script>
[% END %]
[% END # / IF format %]
[% ELSE %]
<div class="alert">
<p>You do not have permission to download this list.</p>
</div>
[% END # / invalidlist %]
</div> <!-- / #userdownloadshelf -->
[% IF ( fullpage ) %]
</div> <!-- / .span10 -->
</div> <!-- / .row-fluid -->
</div> <!-- / .container-fluid -->
</div> <!-- / .main -->
[% INCLUDE 'opac-bottom.inc' %]
[% BLOCK jsinclude %]
<script type="text/javascript">
//<![CDATA[
$(document).ready(function(){
$("#userdownloadshelf form").on("submit",function(e){
if( $("#dlformat").val() == "" ){
e.preventDefault();
alert(_("Please choose a download format"));
}
});
});
//]]>
</script>
[% END %]
[% END # / IF fullpage %]