David Cook
4160afa3d7
This change sanitizies the field input on cataloguing/ysearch.pl Test plan: 0. Apply the patch and restart/reload Koha 1a. "Add marc21_field_260b.pl plugin to 260$b in the Default framework" 1b. Go to http://localhost:8081/cgi-bin/koha/admin/marc_subfields_structure.pl? op=add_form&tagfield=260&frameworkcode=#subbfield 1c. Choose "marc21_field_260b.pl" from the dropdown next to "Plugin" 1d. Click "Save changes" 2a. "Add new record" 2b. Go to http://localhost:8081/cgi-bin/koha/cataloguing/addbiblio.pl?frameworkcode= 3. Click on tab "2" and scroll down to 260 "b" 4. Type in "Ori" into 260 subfield b 5. Some autocomplete suggestions should appear Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
64 lines
1.9 KiB
Perl
Executable file
64 lines
1.9 KiB
Perl
Executable file
#!/usr/bin/perl
|
|
|
|
# This software is placed under the gnu General Public License, v2 (http://www.gnu.org/licenses/gpl.html)
|
|
|
|
# Copyright 2007 Tamil s.a.r.l.
|
|
#
|
|
# This file is part of Koha.
|
|
#
|
|
# Koha is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation; either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# Koha is distributed in the hope that it will be useful, but
|
|
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with Koha; if not, see <http://www.gnu.org/licenses>.
|
|
|
|
=head1 ysearch.pl
|
|
|
|
|
|
=cut
|
|
|
|
use Modern::Perl;
|
|
use CGI qw ( -utf8 );
|
|
use C4::Context;
|
|
use C4::Charset qw( nsb_clean );
|
|
use C4::Auth qw( check_cookie_auth );
|
|
use JSON qw( to_json );
|
|
|
|
my $input = CGI->new;
|
|
my $query = $input->param('term');
|
|
my $table = $input->param('table');
|
|
my $field = $input->param('field');
|
|
|
|
# Prevent from disclosing data
|
|
die() unless ($table eq "biblioitems");
|
|
die() unless ($field eq 'publishercode' || $field eq 'collectiontitle');
|
|
|
|
binmode STDOUT, ":encoding(UTF-8)";
|
|
print $input->header( -type => 'text/plain', -charset => 'UTF-8' );
|
|
|
|
my ( $auth_status ) = check_cookie_auth( $input->cookie('CGISESSID'), { editcatalogue => '*' } );
|
|
if ( $auth_status ne "ok" ) {
|
|
exit 0;
|
|
}
|
|
|
|
my $dbh = C4::Context->dbh;
|
|
my $sql = qq(SELECT distinct $field
|
|
FROM $table
|
|
WHERE $field LIKE ? OR $field LIKE ? or $field LIKE ?);
|
|
$sql .= qq( ORDER BY $field);
|
|
my $sth = $dbh->prepare($sql);
|
|
$sth->execute("$query%", "% $query%", "%-$query%");
|
|
|
|
my $a = [];
|
|
while ( my $rec = $sth->fetchrow_hashref ) {
|
|
push @$a, { fieldvalue => nsb_clean($rec->{$field}) };
|
|
}
|
|
|
|
print to_json($a);
|