Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-serial-issues.tt
Jonathan Druart f94162564a Bug 18726: Fix XSS at the OPAC - biblionumber 
The biblionumber parameter is sent by the user, we must escape all of
them to avoid XSS.

Fixes: Cross-site scripting OPAC pages

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00

162 lines
10 KiB
Text
Raw Blame History

[% USE Koha %]
[% INCLUDE 'doc-head-open.inc' %]
<title>[% IF ( LibraryNameTitle ) %][% LibraryNameTitle %][% ELSE %]Koha online[% END %] catalog &rsaquo; Issues for a subscription</title>
[% INCLUDE 'doc-head-close.inc' %]
[% BLOCK cssinclude %][% END %]
</head>
[% INCLUDE 'bodytag.inc' bodyid='opac-serials-issues' %]
[% INCLUDE 'masthead.inc' %]
<div class="main">
<ul class="breadcrumb">
<li><a href="/cgi-bin/koha/opac-main.pl">Home</a> <span class="divider">&rsaquo;</span></li>
<li><a href="/cgi-bin/koha/opac-detail.pl?biblionumber=[% biblionumber | html %]">Details for [% bibliotitle %]</a> <span class="divider">&rsaquo;</span></li>
<li><a href="#">Issues for a subscription</a></li>
</ul>
<div class="container-fluid">
<div class="row-fluid">
[% IF ( OpacNav || OpacNavBottom ) %]
<div class="span2">
<div id="navigation">
[% INCLUDE 'navigation.inc' %]
</div>
</div>
<div class="span10">
[% ELSE %]
<div class="span12">
[% END %]
<div id="userserialissues">
<h2>Issues for a subscription</h2>
<div id="views">
<span class="view">
<a id="Normalview" href="opac-detail.pl?biblionumber=[% biblionumber | html %]" class="button">Normal view</a>
</span>
<span class="view"><span id="Briefhistory">Brief history</span></span>
<span class="view"><a id="Fullhistory" href="opac-serial-issues.pl?selectview=full&amp;biblionumber=[% biblionumber | html%]" class="button">Full history</a></span>
</div>
<form method="post" name="f">
[% FOREACH subscription_LOO IN subscription_LOOP %]
<div id="subscriptionline[% subscription_LOO.subscriptionid %]" style="border-bottom:1px solid #EEE;">
<h3>Subscription information for [% subscription_LOO.bibliotitle %]</h3>
<p>
The current subscription began on [% subscription_LOO.startdate %] and is issued
[% IF ( subscription_LOO.periodicity1 ) %]
twice per day
[% END %]
[% IF ( subscription_LOO.periodicity2 ) %]
every day
[% END %]
[% IF ( subscription_LOO.periodicity3 ) %]
three times per week
[% END %]
[% IF ( subscription_LOO.periodicity4 ) %]
every week
[% END %]
[% IF ( subscription_LOO.periodicity5 ) %]
every 2 weeks
[% END %]
[% IF ( subscription_LOO.periodicity6 ) %]
every 3 weeks
[% END %]
[% IF ( subscription_LOO.periodicity7 ) %]
every month
[% END %]
[% IF ( subscription_LOO.periodicity8 ) %]
every 2 months
[% END %]
[% IF ( subscription_LOO.periodicity9 ) %]
every quarter
[% END %]
[% IF ( subscription_LOO.periodicity10 ) %]
twice per year
[% END %]
[% IF ( subscription_LOO.periodicity11 ) %]
every year
[% END %]
[% IF ( subscription_LOO.periodicity12 ) %]
every 2 years
[% END %]
[% IF ( subscription_LOO.periodicity13 ) %]
irregularly
[% END %]
[% IF ( subscription_LOO.arrival1 ) %]
on Monday
[% END %]
[% IF ( subscription_LOO.arrival2 ) %]
on Tuesday
[% END %]
[% IF ( subscription_LOO.arrival3 ) %]
on Wednesday
[% END %]
[% IF ( subscription_LOO.arrival4 ) %]
on Thursday
[% END %]
[% IF ( subscription_LOO.arrival5 ) %]
on Friday
[% END %]
[% IF ( subscription_LOO.arrival6 ) %]
on Saturday
[% END %]
[% IF ( subscription_LOO.arrival7 ) %]
on Sunday
[% END %]
for
[% IF ( subscription_LOO.numberlength ) %][% subscription_LOO.numberlength %] issues[% END %]
[% IF ( subscription_LOO.weeklength ) %][% subscription_LOO.weeklength %] weeks[% END %]
[% IF ( subscription_LOO.monthlength ) %][% subscription_LOO.monthlength %] months[% END %]
</p>
<p>The first subscription was started on [% subscription_LOO.histstartdate %]</p>
[% IF ( subscription_LOO.histenddate ) %]
<p>The subscription expired on [% subscription_LOO.histenddate %]</p>
[% END %]
<h4>[% subscription_LOO.branchname %]</h4>
[% IF ( subscription_LOO.notes ) %]
<p>[% subscription_LOO.notes FILTER html_line_break %]</p>
[% END %]
[% IF ( subscription_LOO.recievedlist ) %]
<h5>Available issues</h5>
<p>[% subscription_LOO.recievedlist %]</p>
[% END %]
[% IF ( subscription_LOO.missinglist ) %]
<h5>Unavailable issues</h5>
<p>[% subscription_LOO.missinglist %]</p>
[% END %]
[% IF ( subscription_LOO.opacnote ) %]
<h5>Issues summary</h5>
<p>
[% subscription_LOO.opacnote FILTER html_line_break %]
</p>
[% END %]
[% IF ( subscription_LOO.letter ) %]
[% IF ( loggedinusername ) %]
[% IF ( subscription_LOO.hasalert ) %]
You have subscribed to email notification on new issues <a href="opac-alert-subscribe.pl?op=cancel&amp;externalid=[% subscription_LOO.subscriptionid %]&amp;alerttype=issue&amp;referer=serial&amp;biblionumber=[% subscription_LOO.biblionumber %]" class="btn" title="Cancel email notification">
Cancel email notification
</a>
[% ELSE %]
<a href="opac-alert-subscribe.pl?externalid=[% subscription_LOO.subscriptionid %]&amp;alerttype=issue&amp;referer=serial&amp;biblionumber=[% subscription_LOO.biblionumber %]" class="btn" title="Subscribe to email notification on new issues">
Subscribe to email notification on new issues
</a>
[% END %]
[% ELSE %]
You must log in if you want to subscribe to email notification on new issues
[% END %]
[% END %]
</div> <!-- / #subscriptionline* -->
[% END # FOREACH subscription_LOO %]
</form>
</div> <!-- / #userserialissues -->
</div> <!-- / .span10/12 -->
</div> <!-- / .row-fluid -->
</div> <!-- / .container-fluid -->
</div> <!-- / .main -->
[% INCLUDE 'opac-bottom.inc' %]
[% BLOCK jsinclude %][% END %]
View git blame Copy permalink