Koha/koha-tmpl/intranet-tmpl/prog/en/modules/suggestion/suggestion.tt
Chris Cormack 368068c715 Bug 11322: fix XSS bug in purchase suggestions pages
To test
1/ Switch on purchase suggestions
2/ On the public interface (OPAC) add a suggestion, put html in every
field
3/ In the staff interface go to the suggestions page
/cgi-bin/koha/suggestion/suggestion.pl
4/ Notice the html is rendered
5/ Click on a suggestion, notice the html is rendered on the show page
also
6/ Apply the patch, check these two pages again, html should now be
escaped

Signed-off-by: David Cook <dcook@prosentient.com.au>

Works as described.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests, thx Chris!

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-12-03 00:19:18 +00:00


[% USE KohaAuthorisedValues %]
[% USE KohaBranchName %]
[% INCLUDE 'doc-head-open.inc' %]
<title>Koha &rsaquo; Acquisitions &rsaquo;
[% IF ( op_save ) %]
[% IF ( suggestionid ) %]
Suggestions &rsaquo; Edit suggestion #[% suggestionid %]
[% ELSE %]
Suggestions &rsaquo; Add suggestion
[% END %]
[% ELSIF ( op == 'show' ) %]
Suggestions &rsaquo; Show suggestion #[% suggestionid %]
[% ELSE %]
Suggestions management
[% END %]
</title>
[% INCLUDE 'doc-head-close.inc' %]
[% INCLUDE 'calendar.inc' %]
[% IF ( op == 'show' ) %]
<script type="text/javascript">
// <![CDATA[
$(document).ready(function(){
$("#deletesuggestion").on("click",function(){
return confirm(_("Are you sure you want to delete this suggestion?"));
});
});
// ]]>
</script>
[% END %]
[% IF ( op_else ) %]
<link rel="stylesheet" type="text/css" href="[% themelang %]/css/datatables.css" />
<script type="text/javascript" src="[% themelang %]/lib/jquery/plugins/jquery.dataTables.min.js"></script>
[% INCLUDE 'datatables-strings.inc' %]
<script type="text/javascript" src="[% themelang %]/js/datatables.js"></script>
<script type="text/javascript" src="[% themelang %]/lib/jquery/plugins/jquery.checkboxes.min.js"></script>
<script type="text/javascript">
// <![CDATA[
/**
 * displayOther
 * Swaps two related controls that share an id suffix: the element whose id is
 * hide + id is hidden, then the element whose id is show + id is shown
 * (for example the reason select versus the free-text reason field).
 */
function displayOther(id, show, hide) {
    var toHide = "#" + hide + id;
    var toShow = "#" + show + id;
    $(toHide).hide();
    $(toShow).show();
}
$(document).ready(function() {
$('#suggestiontabs').tabs({
// Correct table sizing for tables hidden in tabs
// http://www.datatables.net/examples/api/tabs_and_scrolling.html
"show": function(event, ui) {
var oTable = $('div.dataTables_wrapper>table', ui.panel).dataTable();
if ( oTable.length > 0 ) {
oTable.fnAdjustColumnSizing();
}
}
});
$(".sorted").dataTable($.extend(true, {}, dataTablesDefaults, {
"aoColumnDefs": [
{ "aTargets": [ 0, -1, -2 ], "bSortable": false, "bSearchable": false },
],
"aLengthMenu": [[10, 20, 50, 100, -1], [10, 20, 50, 100, "All"]],
"iDisplayLength": 20,
"sPaginationType": "four_button"
}));
// Per-group handlers: the template emits one copy of the statements below for
// every entry in `suggestions`, with suggestion.suggestiontype spliced into
// element ids, jQuery selectors and one script comment.
// NOTE(review): suggestiontype is written into script text with no escaping.
// It looks like a grouping code (it is also used as the tab/div id) - TODO confirm
// it can never contain quotes, brackets or a line break, because any of those
// would change the generated script rather than just the selector.
[% FOREACH suggestion IN suggestions %]
// functions for [% suggestion.suggestiontype %] interactions
// "Check all" / "Uncheck all" links toggle every checkbox in this group's table.
$("#CheckAll[% suggestion.suggestiontype %]").click(function(e){
$("#[% suggestion.suggestiontype %]t").checkCheckboxes();
e.preventDefault();
});
$("#UncheckAll[% suggestion.suggestiontype %]").click(function(e){
$("#[% suggestion.suggestiontype %]t").unCheckCheckboxes();
e.preventDefault();
});
// The free-text reason field starts hidden; its contents are cleared each time it gains focus.
$("#other_reason[% suggestion.suggestiontype %]").hide();
$("input[name*=other_reason[% suggestion.suggestiontype %]]").focus(function(){ $(this).val(""); });
// Choosing "other" in the reason select swaps the select for the free-text field.
$("#reason[% suggestion.suggestiontype %]").change(function(){
if($(this).val() == "other"){
$(this).hide();
$("#other_reason[% suggestion.suggestiontype %]").show();
}
});
// The "Delete selected" checkbox rewrites the value attribute of this form's inputs named op:
// "delete" when checked, "change" when unchecked.
$("#[% suggestion.suggestiontype %]delete").change(function(){
if(this.checked){
$("form[name='f[% suggestion.suggestiontype %]'] input[name=op]").attr("value","delete");
} else {
$("form[name='f[% suggestion.suggestiontype %]'] input[name=op]").attr("value","change");
}
});
[% END %]
$("a[href*=back]").click(function(){
var sid = $(this).attr("href").replace(/#back/,"");
$("#reason"+sid).show().find("option[value='']").attr("selected","selected");
$("#other_reason"+sid).hide();
});
$("h4.local_collapse a").click(function(){
$(this).parent().parent().find("ol").toggle();
return false;
});
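// http://jqueryui.com/demos/datepicker/#date-range
/**
 * Turns a "from"/"to" pair of inputs into linked datepickers: picking a date in
 * the "from" field sets minDate on the other field, picking one in the "to"
 * field sets maxDate on the other.
 *
 * The three date ranges previously repeated this code, and each copy assigned
 * `date` after the end of its `var` statement, which created an implicit global.
 * `date` is now a local of the onSelect callback.
 *
 * @param {string} selector jQuery selector matching both inputs of the range
 * @param {string} fromId   id of the "from" input of the range
 * @returns {jQuery} the datepicker-enabled inputs
 */
function linkDateRange(selector, fromId) {
    var pickers = $(selector).datepicker({
        changeMonth: true,
        numberOfMonths: 1,
        onSelect: function(selectedDate) {
            var option = this.id == fromId ? "minDate" : "maxDate",
                instance = $(this).data("datepicker"),
                date = $.datepicker.parseDate(
                    instance.settings.dateFormat ||
                    $.datepicker._defaults.dateFormat,
                    selectedDate, instance.settings);
            // Constrain the opposite end of the range to the date just picked.
            pickers.not(this).datepicker("option", option, date);
        }
    });
    return pickers;
}
var dates = linkDateRange("#suggesteddate_from, #suggesteddate_to", "suggesteddate_from");
var datesMD = linkDateRange("#manageddate_from, #manageddate_to", "manageddate_from");
var datesAD = linkDateRange("#accepteddate_from, #accepteddate_to", "accepteddate_from");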
});
// ]]>
</script>
<style type="text/css">
h4.local_collapse a { font-size : 80%; text-decoration: none; } fieldset.brief ol { display : none; }
.overlay { top: 180px; left: 50%; position: absolute; margin-left: -100px; width: 200px; text-align: center; display: none; margin-top: -10px; background: #eeffd4; padding: .5em; color: #000; } .note { -moz-border-radius: 3px; border-radius:3px; background: transparent url("[% interface %]/[% theme %]/img/famfamfam/silk/comment.png") top left no-repeat; padding : 1px 3px 1px 18px; font-size : 90%; }
</style>[% END %]
[% IF ( op_save ) %]
<script type="text/javascript">
// <![CDATA[
$(document).ready(function() { calcNewsuggTotal(); });
// ]]>
</script>
[% END %]
<script type="text/javascript" src="[% themelang %]/js/acq.js"></script>
</head>
<body id="acq_suggestion" class="acq">
[% INCLUDE 'header.inc' %]
[% INCLUDE 'cat-search.inc' %]
<div id="breadcrumbs">
<a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; <a href="/cgi-bin/koha/acqui/acqui-home.pl">Acquisitions</a> &rsaquo;
[% IF ( op_save ) %]
[% IF ( suggestionid ) %]
<a href="/cgi-bin/koha/suggestion/suggestion.pl">Suggestions</a> &rsaquo; Edit suggestion #[% suggestionid %]
[% ELSE %]
<a href="/cgi-bin/koha/suggestion/suggestion.pl">Suggestions</a> &rsaquo; Add suggestion
[% END %]
[% ELSIF ( op == 'show' ) %]
<a href="/cgi-bin/koha/suggestion/suggestion.pl">Suggestions</a> &rsaquo; Show suggestion #[% suggestionid %]
[% ELSE %]
Suggestions management
[% END %]
</div>
[% IF ( op == 'show' ) %]
<div id="doc" class="yui-t7"> <!-- <div id="doc3" class="yui-t2"> -->
<div id="bd">
<div id="yui-main">
<div class="yui-b">
<div id="toolbar" class="btn-toolbar">
<a class="btn btn-small" id="editsuggestion" href="suggestion.pl?op=edit&amp;suggestionid=[% suggestionid %]"><i class="icon-pencil"></i> Edit</a>
<a class="btn btn-small" id="deletesuggestion" href="suggestion.pl?op=delete&amp;edit_field=[% suggestionid %]"><i class="icon-remove"></i> Delete</a>
</div>
<fieldset class="rows">
<legend>Bibliographic information</legend>
<ol>
<li><span class="label">Title:</span>[% title |html %]</li>
<li><span class="label">Author:</span>[% author |html %]</li>
<li><span class="label">Copyright date:</span>[% copyrightdate |html %]</li>
<li><span class="label">ISBN or ISSN or other standard number:</span>[% isbn |html %]</li>
<li><span class="label">Publisher:</span>[% publishercode |html %]</li>
<li><span class="label">Publication place:</span>[% place |html %]</li>
<li><span class="label">Collection title:</span>[% collectiontitle |html %]</li>
<li><span class="label">Document type:</span>
[% FOREACH itemtypeloo IN itemtypeloop %]
[% IF ( itemtypeloo.selected ) %][% itemtypeloo.description %][% END %]
[% END %]
</li>
[% IF ( patron_reason_loop ) %]
<li><span class="label">Reason for suggestion: </span>
[% FOREACH patron_reason_loo IN patron_reason_loop %]
[% IF ( patron_reason_loo.selected ) %][% patron_reason_loo.lib %][% END %]
[% END %]
</li>
[% END %]
<li><span class="label">Notes:</span>[% note |html %]</li>
</ol>
</fieldset>
<fieldset class="rows"> <legend>Suggestion management</legend>
<ol>
<li>
<span class="label">Status:</span>
[% SET status_found = 0 %]
[% IF ( STATUS == 'ASKED' ) %]
Pending
[% SET status_found = 1 %]
[% ELSIF ( STATUS == 'ACCEPTED' ) %]
Accepted
[% SET status_found = 1 %]
[% ELSIF ( STATUS == 'CHECKED' ) %]
Checked
[% SET status_found = 1 %]
[% ELSIF ( STATUS == 'REJECTED' ) %]
Rejected
[% SET status_found = 1 %]
[% ELSE %]
[% FOREACH s IN SuggestionStatuses %]
[% IF STATUS == s.authorised_value %]
[% s.lib %]
[% SET status_found = 1 %]
[% END %]
[% END %]
[% END %]
</li>
<li>
<table>
<thead><tr><th>&nbsp;</th><th>Date</th><th>By</th></tr></thead>
<tbody>
<tr>
<th><span class="label">Suggestion creation</span> </th>
<td>[% suggesteddate %]</td>
<td>[% IF ( suggestedby_borrowernumber ) %]<a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% suggestedby_borrowernumber %]">[% suggestedby_surname %], [% suggestedby_firstname %]</a> [% suggestedby_branchcode | $KohaBranchName %] ([% suggestedby_description %])[% END %]
</td>
</tr>
<tr>
<th><span class="label">Suggestion management</span> </th>
<td>[% manageddate %]</td>
<td>[% IF ( managedby_borrowernumber ) %]<a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% managedby_borrowernumber %]">[% managedby_surname %], [% managedby_firstname %]</a> [% managedby_branchcode | $KohaBranchName %] ([% managedby_description %])[% END %]</td>
</tr>
<tr>
<th><span class="label">Suggestion accepted</span> </th>
<td>[% accepteddate %]</td>
<td>[% IF ( acceptedby_borrowernumber ) %]<a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% acceptedby_borrowernumber %]">[% acceptedby_surname %], [% acceptedby_firstname %]</a> [% acceptedby_branchcode | $KohaBranchName %] ([% acceptedby_description %])[% END %]</td>
</tr>
</tbody>
</table></li></ol>
</fieldset>
<fieldset class="rows"> <legend>Acquisition information</legend>
<ol>
<li>
<span class="label">Library:</span> [% branchname %]
</li>
<li>
<span class="label">Fund:</span> [% budgetname %]
</li>
<li>
<span class="label">Copies:</span>[% quantity %]
</li>
<li>
<span class="label">Currency:</span>[% currency %]
</li>
<li>
<span class="label">Price:</span>[% price %]
</li>
<li>
<span class="label">Total</span>[% total %]
</li>
</ol>
</fieldset>
<fieldset class="action">
<a href="suggestion.pl">&lt;&lt; Back to suggestions</a>
</fieldset>
</div>
</div>
</div>
[% ELSE %]
[% IF ( op_save ) %]<div id="doc" class="yui-t7">[% ELSE %]<div id="doc3" class="yui-t2">[% END %]
<div id="bd">
<div id="yui-main">
<div class="yui-b">
[% IF ( op_save ) %]
<form id="add_edit" action="suggestion.pl" method="post">
<input type="hidden" name="redirect" id="redirect" value="[% redirect %]" />
<input type="hidden" name="borrowernumber" id="borrowernumber" value="[% borrowernumber %]" />
[% IF ( suggestionid ) %]
<h1>Edit purchase suggestion #[% suggestionid %]</h1>
<input type="hidden" name="suggestionid" value="[% suggestionid %]"/>
[% ELSE %]
<h1>Enter a new purchase suggestion</h1>
[% END %]
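[%# Bibliographic fields of the add/edit form.
    These values belong to a purchase suggestion, which can be submitted from the
    public interface (OPAC), so each one is passed through the html filter before
    it is written into an attribute or element body. Only the title was filtered
    here before, so markup in the other fields was still emitted verbatim when a
    staff member opened the suggestion for editing.
    The html filter escapes the ampersand, angle brackets and the double quote
    only, so these attributes must stay double-quoted. %]
<fieldset class="rows"> <legend>Bibliographic information</legend><ol>
<li><label for="title" class="required">Title:</label><input type="text" id="title" name="title" size="80" maxlength="255" value="[% title |html %]" required="required" /></li>
<li><label for="author">Author:</label><input type="text" id="author" name="author" size="50" maxlength="80" value="[% author |html %]"/></li>
<li><label for="copyrightdate">Copyright date:</label><input type="text" id="copyrightdate" name="copyrightdate" size="4" maxlength="4" value="[% copyrightdate |html %]" /></li>
<li><label for="isbn">ISBN or ISSN or other standard number:</label><input type="text" id="isbn" name="isbn" size="50" maxlength="80" value="[% isbn |html %]"/></li>
<li><label for="publishercode">Publisher:</label><input type="text" id="publishercode" name="publishercode" size="50" maxlength="80" value="[% publishercode |html %]"/></li>
<li><label for="place">Publication place:</label><input type="text" id="place" name="place" size="50" maxlength="80" value="[% place |html %]"/></li>
<li><label for="collectiontitle">Collection title:</label><input type="text" id="collectiontitle" name="collectiontitle" size="50" maxlength="80" value="[% collectiontitle |html %]"/></li>
<li><label for="itemtype">Document type:</label>
[%# Item type codes and descriptions are escaped as well, as defence in depth. %]
<select id="itemtype" name="itemtype" >
[% FOREACH itemtypeloo IN itemtypeloop %]
[% IF ( itemtypeloo.selected ) %]<option selected="selected" value="[% itemtypeloo.itemtype |html %]">[% ELSE %]<option value="[% itemtypeloo.itemtype |html %]">[% END %]
[% itemtypeloo.description |html %]</option>
[% END %]
</select>
</li>
[% IF ( patron_reason_loop ) %]<li><label for="patronreason">Reason for suggestion: </label><select name="patronreason" id="patronreason"><option value=""> -- Choose -- </option>[% FOREACH patron_reason_loo IN patron_reason_loop %]
[% IF ( patron_reason_loo.selected ) %]<option value="[% patron_reason_loo.authorised_value |html %]" selected="selected">[% patron_reason_loo.lib |html %]</option>[% ELSE %]<option value="[% patron_reason_loo.authorised_value |html %]">[% patron_reason_loo.lib |html %]</option>[% END %]
[% END %]</select></li>[% END %]
[%# Without the filter, a note containing a closing textarea tag would end the control early. %]
<li><label for="note">Notes:</label><textarea name="note" id="note" rows="5" cols="40">[% note |html %]</textarea></li>
</ol>
</fieldset>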
<fieldset class="rows"> <legend>Suggestion management</legend>
<ol>
[% IF ( suggestionid ) %]
<li>
<label for="STATUS">Status:</label>
<select id="STATUS" name="STATUS">
<option value="">No Status</option>
[% IF (statusselected_ASKED ) %]
<option value="ASKED" selected="selected">Pending</option>
[% ELSE %]
<option value="ASKED">Pending</option>
[% END %]
[% IF (statusselected_ACCEPTED ) %]
<option value="ACCEPTED" selected="selected">Accepted</option>
[% ELSE %]
<option value="ACCEPTED">Accepted</option>
[% END %]
[% IF (statusselected_CHECKED ) %]
<option value="CHECKED" selected="selected">Checked</option>
[% ELSE %]
<option value="CHECKED">Checked</option>
[% END %]
[% IF ( statusselected_REJECTED ) %]
<option value="REJECTED" selected="selected">Rejected</option>
[% ELSE %]
<option value="REJECTED">Rejected</option>
[% END %]
[% FOREACH s IN SuggestionStatuses %]
[% IF s.authorised_value == selected_status %]
<option value="[% s.authorised_value %]" selected="selected">[% s.lib %]</option>
[% ELSE %]
<option value="[% s.authorised_value %]">[% s.lib %]</option>
[% END %]
[% END %]
</select>
</li>
[% END %]
<li><table>
<thead><tr><th>&nbsp;</th><th>Date</th><th>By</th></tr></thead>
<tbody>
<tr>
<th><label for="suggesteddate">Suggestion creation</label> </th>
<td><input type="text" id="suggesteddate" name="suggesteddate" size="10" maxlength="10" value="[% suggesteddate %]"/></td>
<td><input type="hidden" id="suggestedby" name="suggestedby" value="[% suggestedby %]"/>[% IF ( suggestedby_borrowernumber ) %]<a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% suggestedby_borrowernumber %]">[% suggestedby_surname %], [% suggestedby_firstname %]</a> [% suggestedby_branchcode | $KohaBranchName %] ([% suggestedby_description %])[% END %]
</td>
</tr>
<tr>
<th><label for="managedon">Suggestion management</label> </th>
<td><input type="text" id="managedon" name="manageddate" size="10" maxlength="10" value="[% manageddate %]" /></td>
<td><input type="hidden" id="managedby" name="managedby" value="[% managedby %]"/>[% IF ( managedby_borrowernumber ) %]<a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% managedby_borrowernumber %]">[% managedby_surname %], [% managedby_firstname %]</a> [% managedby_branchcode | $KohaBranchName %] ([% managedby_description %])[% END %]</td>
</tr>
<tr>
<th><label for="accepteddate">Suggestion accepted</label> </th>
<td><input type="text" id="accepteddate" name="accepteddate" size="10" maxlength="10" value="[% accepteddate %]" /></td>
<td><input type="hidden" id="acceptedby" name="acceptedby" value="[% acceptedby %]"/>[% IF ( acceptedby_borrowernumber ) %]<a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% acceptedby_borrowernumber %]">[% acceptedby_surname %], [% acceptedby_firstname %]</a> [% acceptedby_branchcode | $KohaBranchName %] ([% acceptedby_description %])[% END %]</td>
</tr>
</tbody>
</table></li></ol>
</fieldset>
<fieldset class="rows"> <legend>Acquisition information</legend><ol>
<li><label for="branchcode">Library:</label>
<select name="branchcode" id="branchcode">
<option value="__ANY__">Any</option>[% FOREACH branchloo IN branchloop %]
[% IF ( branchloo.selected ) %]<option value="[% branchloo.value %]" selected="selected">[% branchloo.branchname %]</option>[% ELSE %]<option value="[% branchloo.value %]">[% branchloo.branchname %]</option>[% END %][% END %]
</select>
</li>
<li><label for="budgetid">Fund:</label>
<select name="budgetid" id="budgetid">
<option value="">Any</option>[% FOREACH budgetsloo IN budgetsloop %]
[% IF ( budgetsloo.selected ) %]<option value="[% budgetsloo.budget_id %]" selected="selected">[% budgetsloo.budget_name %]</option>[% ELSE %]<option value="[% budgetsloo.budget_id %]">[% budgetsloo.budget_name %]</option>[% END %][% END %]
</select>
</li><li><label for="quantity">Copies:</label>
<input type="text" size="10" id="quantity" name="quantity" value="[% quantity %]" onchange="calcNewsuggTotal();" />
</li><li><label for="currency">Currency:</label>
[% FOREACH loop_currenc IN loop_currency %]
<input type="hidden" value="[% loop_currenc.rate %]" id="currency_rate_[% loop_currenc.currcode %]" name="currency_rate_[% loop_currenc.currcode %]" />
<input type="hidden" id="[% loop_currenc.currcode %]" name="[% loop_currenc.currcode %]" value="[% loop_currenc.rate %]" />
[% END %]
<select name="currency" id="currency" onchange="calcNewsuggTotal();">
[% FOREACH loop_currenc IN loop_currency %]
[% IF ( loop_currenc.selected ) %]<option value="[% loop_currenc.currcode %]" selected="selected">[% loop_currenc.currcode %]</option>[% ELSE %]<option value="[% loop_currenc.currcode %]">[% loop_currenc.currcode %]</option>[% END %][% END %]
</select>
</li><li><label for="price">Price:</label>
<input type="text" size="20" name="price" id="price" value="[% price %]" onchange="calcNewsuggTotal();" />
</li><li><label for="total">Total: </label>
<input type="text" readonly="readonly" id="total" name="total" size="10" value="[% total %]"/>
</li></ol>
</fieldset><input type="hidden" id="returnsuggested" name="returnsuggested" value="[% IF ( returnsuggestedby ) %][% returnsuggestedby %][% ELSE %]noone[% END %]"/>
<fieldset class="action"><input type="hidden" name="op" value="[% op %]" />[% IF ( suggestionid ) %]<input type="submit" value="Save" /> <a class="cancel" href="[% IF ( returnsuggestedby ) %]/cgi-bin/koha/members/moremember.pl?borrowernumber=[% returnsuggestedby %]#suggestions[% ELSE %]suggestion.pl[% END %]">Cancel</a>[% ELSE %]<input type="submit" value="Submit your suggestion" /> <a class="cancel" href="suggestion.pl">Cancel</a>[% END %]
</fieldset>
</form>
[% END %]
[% IF ( op_else ) %]
<div id="toolbar" class="btn-toolbar">
<a class="btn btn-small" id="newsuggestion" href="suggestion.pl?op=add"><i class="icon-plus"></i> New purchase suggestion</a>
</div>
<h1>Suggestions management</h1>
[% UNLESS ( notabs ) %]
<div id="suggestiontabs" class="toptabs">
<ul class="ui-tabs-nav">
[% FOREACH suggestion IN suggestions %]
[% IF ( suggestion.first ) %]
<li class="ui-tabs-selected">
[% ELSE %]
<li>
[% END %]
<a href="#[% suggestion.suggestiontype %]">
[% IF ( suggestion.suggestiontypelabel ) %]
[% IF (suggestion.suggestiontypelabel == "Pending") %]Pending
[% ELSIF (suggestion.suggestiontypelabel == "Accepted") %]Accepted
[% ELSIF (suggestion.suggestiontypelabel == "Checked") %]Checked
[% ELSIF (suggestion.suggestiontypelabel == "Rejected") %]Rejected
[% ELSIF (suggestion.suggestiontypelabel == "Available") %]Available
[% ELSIF (suggestion.suggestiontypelabel == "Ordered") %]Ordered
[% ELSE %][% suggestion.suggestiontypelabel %][% END %]
[% ELSE %]
[% IF ( suggestion.suggestiontype ) %]
[% KohaAuthorisedValues.GetByCode( 'SUGGEST_STATUS', suggestion.suggestiontype ) %]
[% ELSE %]
No name
[% END %]
[% END %]
([% suggestion.suggestions_loop.size %])</a></li>
[% END %]
</ul>
[% END %]
[% FOREACH suggestion IN suggestions %]
<div id="[% suggestion.suggestiontype %]">
<form name="f[% suggestion.suggestiontype %]" method="post" action="/cgi-bin/koha/suggestion/suggestion.pl#[% suggestion.suggestiontype %]">
[% IF ( suggestion.suggestions_loop ) %]
<p><a id="CheckAll[% suggestion.suggestiontype %]" href="#">Check all</a> | <a id="UncheckAll[% suggestion.suggestiontype %]" href="#">Uncheck all</a></p>
<table id="[% suggestion.suggestiontype %]t" class="sorted">
<thead>
<tr><th>&nbsp;</th>
<th>Suggestion</th>
<th>Suggested by - on</th>
<th>Managed by - on</th>
<th>Library</th>
<th>Fund</th>
<th>Status</th></tr>
</thead>
<tbody>
[% FOREACH suggestions_loo IN suggestion.suggestions_loop %]
[% IF ( suggestions_loo.even ) %]<tr class="highlight">[% ELSE %]<tr>[% END %]
<td>
<input type="checkbox" name="edit_field" value="[% suggestions_loo.suggestionid %]" />
</td>
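[%# Summary cell for one suggestion in the management list.
    All bibliographic fields shown here come from the suggestion record, which can
    be created from the public interface (OPAC), so each is passed through the html
    filter. The author was the one field in this cell still written unfiltered. %]
<td>
<a href="suggestion.pl?suggestionid=[% suggestions_loo.suggestionid %]&amp;op=show" title="suggestion" >
[% suggestions_loo.title |html %][% IF ( suggestions_loo.author ) %], by [% suggestions_loo.author |html %][% END %]</a>
[<a href="suggestion.pl?suggestionid=[% suggestions_loo.suggestionid %]&amp;op=edit" title="suggestion" >edit</a>]
<br />
[% IF ( suggestions_loo.copyrightdate ) %]&copy; [% suggestions_loo.copyrightdate |html %] [% END %]
[% IF ( suggestions_loo.volumedesc ) %]; Volume:<i>[% suggestions_loo.volumedesc |html %]</i> [% END %]
[% IF ( suggestions_loo.isbn ) %]; ISBN:<i>[% suggestions_loo.isbn |html %]</i> [% END %][% IF ( suggestions_loo.publishercode ) %]; Published by [% suggestions_loo.publishercode |html %] [% END %][% IF ( suggestions_loo.publicationyear ) %] in <i>[% suggestions_loo.publicationyear |html %]</i> [% END %][% IF ( suggestions_loo.place ) %] in <i>[% suggestions_loo.place |html %]</i> [% END %][% IF ( suggestions_loo.collectiontitle ) %]; [% suggestions_loo.collectiontitle |html %] [% END %][% IF ( suggestions_loo.itemtype ) %]; [% suggestions_loo.itemtype |html %] [% END %]<br />[% IF ( suggestions_loo.note ) %]<span class="note">[% suggestions_loo.note |html%]</span>[% END %]
</td>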
<td>
[% IF ( suggestions_loo.emailsuggestedby ) %]<a href="mailto:[% suggestions_loo.emailsuggestedby %]">[% END %][% suggestions_loo.surnamesuggestedby %][% IF ( suggestions_loo.firstnamesuggestedby ) %], [% suggestions_loo.firstnamesuggestedby %][% END %] [% IF ( suggestions_loo.emailsuggestedby ) %]</a>[% END %]
[% IF ( suggestions_loo.suggesteddate ) %] - [% suggestions_loo.suggesteddate %][% END %]
</td>
<td>
[% IF ( suggestions_loo.emailmanagedby ) %]<a href="mailto:[% suggestions_loo.emailmanagedby %]">[% END %][% suggestions_loo.surnamemanagedby %][% IF ( suggestions_loo.firstnamemanagedby ) %], [% suggestions_loo.firstnamemanagedby %][% END %] [% IF ( suggestions_loo.emailmanagedby ) %]</a>[% END %]
[% IF ( suggestions_loo.manageddate ) %] - [% suggestions_loo.manageddate %][% END %]
</td>
<td>
[% suggestions_loo.branchcode | $KohaBranchName %]
</td>
<td>
[% suggestions_loo.budget_name %]
</td>
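[%# Status cell for one suggestion in the management list.
    The four built-in statuses and ORDERED are printed as fixed labels; any other
    status is looked up in the SUGGEST_STATUS authorised values.
    The reason is escaped because the form on this page offers a free-text
    "other reason" input - presumably that text is stored as typed (confirm against
    suggestion.pl) - and it was previously written into the page unfiltered.
    The looked-up status label is escaped as well, as defence in depth. %]
<td>
[% IF ( suggestions_loo.ASKED ) %]
Pending
[% ELSIF ( suggestions_loo.ACCEPTED ) %]
Accepted
[% ELSIF ( suggestions_loo.ORDERED ) %]
Ordered
[% ELSIF ( suggestions_loo.REJECTED ) %]
Rejected
[% ELSIF ( suggestions_loo.CHECKED ) %]
Checked
[% ELSIF KohaAuthorisedValues.GetByCode( 'SUGGEST_STATUS', suggestions_loo.STATUS ) %]
[% KohaAuthorisedValues.GetByCode( 'SUGGEST_STATUS', suggestions_loo.STATUS ) |html %]
[% END %]
[% IF ( suggestions_loo.reason ) %]
<br />([% suggestions_loo.reason |html %])
[% END %]
</td>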
</tr>
[% END %]</tbody>
</table> <fieldset>
<div id="select-reason[% suggestion.suggestiontype %]">
<div id="status[% suggestion.suggestiontype %]">
<label for="STATUS[% suggestion.suggestiontype %]">Mark selected as: </label>
<select name="STATUS" id="STATUS[% suggestion.suggestiontype %]">
<option value=""> -- Choose a status --</option>
[% IF (statusselected_ASKED ) %]
<option value="ASKED" selected="selected">Pending</option>
[% ELSE %]
<option value="ASKED">Pending</option>
[% END %]
[% IF (statusselected_ACCEPTED ) %]
<option value="ACCEPTED" selected="selected">Accepted</option>
[% ELSE %]
<option value="ACCEPTED">Accepted</option>
[% END %]
[% IF (statusselected_CHECKED ) %]
<option value="CHECKED" selected="selected">Checked</option>
[% ELSE %]
<option value="CHECKED">Checked</option>
[% END %]
[% IF ( statusselected_REJECTED ) %]
<option value="REJECTED" selected="selected">Rejected</option>
[% ELSE %]
<option value="REJECTED">Rejected</option>
[% END %]
[% FOREACH s IN SuggestionStatuses %]
<option value="[% s.authorised_value %]">[% s.lib %]</option>
[% END %]
</select>
<label for="reason[% suggestion.suggestiontype %]">with this reason:</label>
<select id="reason[% suggestion.suggestiontype %]" name="reason[% suggestion.suggestiontype %]">
<option value=""> -- Choose a reason -- </option>
[% FOREACH reasonsloo IN suggestion.reasonsloop %]
<option value="[% reasonsloo.lib %]">[% reasonsloo.lib %]</option>
[% END %]
<option value="other">Others...</option>
</select>
<span id="other_reason[% suggestion.suggestiontype %]">
<input type="text" size="31" id="select-other_reason[% suggestion.suggestiontype %]" name="other_reason[% suggestion.suggestiontype %]" value="please note your reason here..." />
<a href="#back[% suggestion.suggestiontype %]">Cancel</a>
</span>
<strong style="padding: 0 1em;">OR:</strong>
<label for="[% suggestion.suggestiontype %]delete">Delete selected</label>
<input type="checkbox" name="op" id="[% suggestion.suggestiontype %]delete" />
</div>
</div>
<input type="hidden" name="tabcode" value="[% suggestion.suggestiontype %]" />
<input type="hidden" name="op" value="change" />
</fieldset>
<fieldset class="action">
<input type="submit" value="Submit" /></fieldset>
</form>
[% ELSE %]
<b>No results.</b>
[% END %]
</div>
[% END %]
</div>
[% END %]
</div>
</div>
[% UNLESS ( op_save ) %] [% UNLESS ( op == 'show' ) %]<div class="yui-b">
<form name="suggestionfilter" action="suggestion.pl" method="get">
<fieldset class="brief"><ol style="display:block;"><li><label for="displayby">Organize by: </label>
<select name="displayby" id="displayby" style="width:auto;">
[% IF ( displayby == "STATUS" ) %]
<option value="STATUS" selected="selected">Status</option>
[% ELSE %]
<option value="STATUS">Status</option>
[% END %]
[% IF ( displayby == "branchcode" ) %]
<option value="branchcode" selected="selected">Library</option>
[% ELSE %]
<option value="branchcode">Library</option>
[% END %]
[% IF ( displayby == "itemtype" ) %]
<option value="itemtype" selected="selected">Item type</option>
[% ELSE %]
<option value="itemtype">Item type</option>
[% END %]
[% IF ( displayby == "managedby" ) %]
<option value="managedby" selected="selected">Managed by</option>
[% ELSE %]
<option value="managedby">Managed by</option>
[% END %]
[% IF ( displayby == "acceptedby" ) %]
<option value="acceptedby" selected="selected">Accepted by</option>
[% ELSE %]
<option value="acceptedby">Accepted by</option>
[% END %]
</select> <input type="submit" value="Go" /></li></ol></fieldset>
<h4>Filter by: <a style="font-size:80%;font-weight:normal;" href="/cgi-bin/koha/suggestion/suggestion.pl">[clear]</a></h4>
<div style="display:block;" id="limits">
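[%# Bibliographic filters of the suggestionfilter form (submitted with GET).
    Each input re-displays a template variable of the same name; presumably these
    carry the filter values from the current request (confirm against suggestion.pl).
    Only the title was filtered before, so a double quote in any other value could
    close the attribute early. All values now go through the html filter, which
    covers double-quoted attributes only, so the quoting style must be kept. %]
<fieldset class="brief"><h4 class="local_collapse"><a href="#">Bibliographic information</a></h4>
<ol> <li><label for="title"> Title:</label><input type="text" id="title" name="title" value="[% title |html %]" /></li>
<li><label for="author"> Author:</label><input type="text" id="author" name="author" value="[% author |html %]" /></li>
<li><label for="isbn"> ISBN:</label><input type="text" id="isbn" name="isbn" value="[% isbn |html %]" /></li>
<li><label for="publishercode"> Publisher:</label><input type="text" id="publishercode" name="publishercode" value="[% publishercode |html %]" /></li>
<li><label for="copyrightdate_filter"> Copyright date:</label><input type="text" id="copyrightdate_filter" name="copyrightdate" value="[% copyrightdate |html %]" /></li>
<li><label for="collectiontitle"> Collection title:</label><input type="text" id="collectiontitle" name="collectiontitle" value="[% collectiontitle |html %]" /></li><li><input type="submit" value="Go" /></li></ol>
</fieldset>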
<fieldset class="brief"><h4 class="local_collapse"><a href="#">Suggestion information</a></h4>
<ol>
<li>
<label for="STATUS"> Status:</label>
<select name="STATUS" id="STATUS">
<option value="">Any</option>
[% IF (statusselected_ASKED ) %]
<option value="ASKED" selected="selected">Pending</option>
[% ELSE %]
<option value="ASKED">Pending</option>
[% END %]
[% IF (statusselected_ACCEPTED ) %]
<option value="ACCEPTED" selected="selected">Accepted</option>
[% ELSE %]
<option value="ACCEPTED">Accepted</option>
[% END %]
[% IF (statusselected_CHECKED ) %]
<option value="CHECKED" selected="selected">Checked</option>
[% ELSE %]
<option value="CHECKED">Checked</option>
[% END %]
[% IF ( statusselected_REJECTED ) %]
<option value="REJECTED" selected="selected">Rejected</option>
[% ELSE %]
<option value="REJECTED">Rejected</option>
[% END %]
[% FOREACH s IN SuggestionStatuses %]
[% IF s.authorised_value == selected_status %]
<option value="[% s.authorised_value %]" selected="selected">[% s.lib %]</option>
[% ELSE %]
<option value="[% s.authorised_value %]">[% s.lib %]</option>
[% END %]
[% END %]
</select>
</li>
<li><label for="suggestedby"> Suggested by:</label><select id="suggestedby" name="suggestedby"><option value="">Any</option>
[% FOREACH suggestedby_loo IN suggestedby_loop %][% IF ( suggestedby_loo.selected ) %]<option value="[% suggestedby_loo.code %]" selected="selected">[% suggestedby_loo.desc %]</option>[% ELSE %]<option value="[% suggestedby_loo.code %]">[% suggestedby_loo.desc %]</option>[% END %][% END %]
</select></li>
<li><label for="suggesteddate_from"> Suggested on:</label>
<table class="invis">
<tr>
<td><label for="suggesteddate_from">from:</label></td><td><input type="text" id="suggesteddate_from" name="suggesteddate_from" value="[% suggesteddate_from %]" style="width:76px;" /></td>
</tr>
<tr>
<td><label for="suggesteddate_to">to:</label></td><td><input type="text" id="suggesteddate_to" name="suggesteddate_to" value="[% suggesteddate_to %]" style="width:76px;" /></td>
</tr>
</table>
</li>
<li><label for="managedby"> Managed by:</label><select id="managedby" name="managedby"><option value="">Any</option>
[% FOREACH managedby_loo IN managedby_loop %][% IF ( managedby_loo.selected ) %]<option value="[% managedby_loo.code %]" selected="selected">[% managedby_loo.desc %]</option>[% ELSE %]<option value="[% managedby_loo.code %]">[% managedby_loo.desc %]</option>[% END %][% END %]
</select></li>
<li><label for="manageddate_from"> Management date:</label>
<table class="invis">
<tr>
<td><label for="manageddate_from">from:</label></td><td><input type="text" id="manageddate_from" name="manageddate_from" value="[% manageddate_from %]" style="width:76px;" /></td>
</tr>
<tr>
<td><label for="manageddate_to">to:</label></td><td><input type="text" id="manageddate_to" name="manageddate_to" value="[% manageddate_to %]" style="width:76px;" /></td>
</tr>
</table>
</li>
<li><label for="acceptedby"> Accepted by:</label><select id="acceptedby" name="acceptedby"><option value="">Any</option>
[% FOREACH acceptedby_loo IN acceptedby_loop %][% IF ( acceptedby_loo.selected ) %] <option value="[% acceptedby_loo.code %]" selected="selected">[% acceptedby_loo.desc %]</option>[% ELSE %]<option value="[% acceptedby_loo.code %]">[% acceptedby_loo.desc %]</option>[% END %][% END %]
</select></li>
<li><label for="accepteddate_from"> Accepted on:</label>
<table class="invis">
<tr>
<td><label for="accepteddate_from">from:</label></td><td><input type="text" id="accepteddate_from" name="accepteddate_from" value="[% accepteddate_from %]" style="width:76px;" /></td>
</tr>
<tr>
<td><label for="accepteddate_to">to:</label></td><td><input type="text" id="accepteddate_to" name="accepteddate_to" value="[% accepteddate_to %]" style="width:76px;" /></td>
</tr>
</table>
</li>
<li><input type="submit" value="Go" /></li></ol>
</fieldset>
<fieldset class="brief"><h4 class="local_collapse"><a href="#">Acquisition information</a></h4>
<ol><li><label for="budgetid"> Book fund:</label>
<select name="budgetid" id="budgetid"><option value="">Any</option>[% FOREACH budgetid_loo IN budgetid_loop %]
[% IF ( budgetid_loo.selected ) %] <option value="[% budgetid_loo.code %]" selected="selected">[% budgetid_loo.desc %]</option>[% ELSE %]<option value="[% budgetid_loo.code %]">[% budgetid_loo.desc %]</option>[% END %]
[% END %]
</select></li>
<li><label for="branchcode"> For:</label>
<select name="branchcode" id="branchcode">
<option value="__ANY__">Any</option>[% FOREACH branchloo IN branchloop %]
[% IF ( branchloo.selected ) %] <option value="[% branchloo.value %]" selected="selected">[% branchloo.branchname %]</option>[% ELSE %] <option value="[% branchloo.value %]">[% branchloo.branchname %]</option>[% END %]
[% END %]
</select></li><li><input type="submit" value="Go" /></li></ol>
</fieldset>
</div>
</form>
</div>
[% END %]
[% END %]
</div>
[% END %]
[% INCLUDE 'intranet-bottom.inc' %]