Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/koha-tmpl/intranet-tmpl/prog/en/modules/tools/manage-marc-import.tt
Jonathan Druart dcd1f5d48c Bug 13618: Add html filters to all the variables 
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.

This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.

To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags

- Remove them from borrower_debarments.comments (there are allowed here)
update  borrower_debarments set comment="html tags possible here";

- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)

Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:05 +00:00

512 lines
22 KiB
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[% USE raw %]
[% USE Asset %]
[% SET footerjs = 1 %]
[% INCLUDE 'doc-head-open.inc' %]
<title>Koha &rsaquo; Tools &rsaquo; Manage staged MARC records
[% IF ( import_batch_id ) %]
&rsaquo; Batch [% import_batch_id | html %]
[% END %]
</title>
[% INCLUDE 'doc-head-close.inc' %]
[% Asset.css("css/datatables.css") | $raw %]
<style type="text/css">
#jobpanel,#jobstatus,#jobfailed { display : none; }
span.change-status { font-style:italic; color:#666; display:none; }
</style>
</head>
<body id="tools_manage-marc-import" class="tools">
[% INCLUDE 'header.inc' %]
[% INCLUDE 'cat-search.inc' %]
<div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; <a href="/cgi-bin/koha/tools/tools-home.pl">Tools</a>
[% IF ( import_batch_id ) %]
&rsaquo;
<a href="[% script_name | html %]">Manage staged MARC records</a>
&rsaquo; Batch [% import_batch_id | html %]
[% ELSE %]
&rsaquo; Manage staged MARC records
[% END %]
</div>
<div id="doc3" class="yui-t2">
<div id="bd">
<div id="yui-main">
<div class="yui-b">
<h1>Manage staged MARC records
[% IF ( import_batch_id ) %]
&rsaquo; Batch [% import_batch_id | html %]
[% END %]
</h1>
[% IF ( label_batch_msg ) %]
[% IF ( alert ) %]
<div class="alert">
[% ELSE %]
<div class="dialog message">
[% END %]
<b><p>[% label_batch_msg | html %]</p></b>
</div>
[% END %]
[% IF ( did_clean ) %]
<div class="dialog message">Cleaned import batch #[% import_batch_id | html %]</div>
[% END %]
[% IF ( did_delete ) %]
<div class="dialog message">Import batch deleted successfully</div>
[% END %]
[% UNLESS ( batch_list ) %]
[% UNLESS ( batch_info ) %]
<div class="dialog message">
<p>No records have been staged.</p>
<p><a href="/cgi-bin/koha/tools/stage-marc-import.pl">Stage MARC records for import</a>.</p>
</div>
[% END %]
[% END %]
[% IF ( batch_info ) %]
[% IF ( can_commit ) %]
<form action="[% script_name | html %]" method="post">
<input type="hidden" name="op" value="redo-matching" />
<input type="hidden" name="import_batch_id" value="[% import_batch_id | html %]" />
<input type="hidden" name="current_matcher_id" value="[% current_matcher_id | html %]" />
[% END %]
[% IF ( rematch_attempted ) %]
[% IF ( rematch_failed ) %]
<div class="dialog alert">Failed to apply different matching rule</div>
[% ELSE %]
<div class="dialog message">Applied different matching rule. Number of records matched now
[% num_with_matches | html %]
</div>
[% END %]
[% END %]
[% IF ( changed_overlay_action ) %]
<div class="dialog message">Changed action if matching record found</div>
[% END %]
[% IF ( changed_nomatch_action ) %]
<div class="dialog message">Changed action if no match found</div>
[% END %]
[% IF ( changed_item_action ) %]
<div class="dialog message">Changed item processing option</div>
[% END %]
<fieldset class="rows" id="staged-record-matching-rules">
<ol>
<li><span class="label">File name:</span> [% file_name | html %]</li>
<li><span class="label">Comments:</span> [% IF ( comments ) %][% comments | html %][% ELSE %](none)[% END %]</li>
<li><span class="label">Type:</span> [% IF ( record_type == 'auth' ) %]Authority records[% ELSE %]Bibliographic records[% END %]</li>
<li><span class="label">Staged:</span> [% upload_timestamp | html %]</li>
<li><span class="label">Status:</span>
[% IF ( import_status == 'cleaned' ) %]
Cleaned
[% ELSIF ( import_status == 'imported' ) %]
Imported
[% ELSIF ( import_status == 'importing' ) %]
Importing
[% ELSIF ( import_status == 'reverted' ) %]
Reverted
[% ELSIF ( import_status == 'reverting' ) %]
Reverting
[% ELSIF ( import_status == 'staged' ) %]
Staged
[% ELSE %]
[% import_status | html %]
[% END %]
</li>
<li>
[% IF ( can_commit ) %]<label for="new_matcher_id">Matching rule applied:</label><select name="new_matcher_id" id="new_matcher_id">
<option value="">Do not look for matching records</option>
[% FOREACH available_matcher IN available_matchers %]
[% IF ( available_matcher.selected ) %]
<option value="[% available_matcher.matcher_id | html %]" selected="selected">
[% available_matcher.code | html %] ([% available_matcher.description | html %])
</option>
[% ELSE %]
<option value="[% available_matcher.matcher_id | html %]">
[% available_matcher.code | html %] ([% available_matcher.description | html %])
</option>
[% END %]
[% END %]
</select> <span class="change-status">Changed. <a href="#" class="reset" id="reset_new_matcher_id">Reset</a></span>[% ELSE %]<span class="label">Matching rule applied</span>[% IF ( current_matcher_id ) %]
[% current_matcher_code | html %] ([% current_matcher_description | html %])
[% ELSE %]
No matching rule in effect
[% END %][% END %]
</li>
<li>
[% IF ( can_commit ) %]
<label for="overlay_action">Action if matching record found:</label>
[% INCLUDE 'tools-overlay-action.inc' %] <span class="change-status">Changed. <a href="#" class="reset" id="reset_overlay_action">Reset</a></span>
[% ELSE %]
<span class="label">Action if matching record found:</span>
[% IF ( overlay_action == 'replace' ) %]
Replace existing record with incoming record
[% ELSIF ( overlay_action == 'create_new' ) %]
Add incoming record
[% ELSIF ( overlay_action == 'ignore' ) %]
Ignore incoming record (its items may still be processed)
[% ELSE %]
[% overlay_action | html %]
[% END %]
[% END %]</li>
<li>
[% IF ( can_commit ) %]
<label for="nomatch_action">Action if no match found:</label>
[% INCLUDE 'tools-nomatch-action.inc' %] <span class="change-status">Changed. <a href="#" class="reset" id="reset_nomatch_action">Reset</a></span>
[% ELSE %]
<span class="label">Action if no match found:</span>
[% IF ( nomatch_action == 'create_new' ) %]
Add incoming record
[% ELSIF ( nomatch_action == 'ignore' ) %]
Ignore incoming record (its items may still be processed)
[% ELSE %]
[% nomatch_action | html %]
[% END %]
[% END %]
</li>
[% IF ( record_type == 'biblio' ) %]
<li>
[% IF ( can_commit ) %]
<label for="item_action">Item processing:</label>
[% INCLUDE 'tools-item-action.inc' %] <span class="change-status">Changed. <a href="#" class="reset" id="reset_item_action">Reset</a></span>
[% ELSE %]
<span class="label">Item processing:</span>
[% IF ( item_action == 'always_add' ) %]
Always add items
[% ELSIF ( item_action == 'add_only_for_matches' ) %]
Add items only if matching bib was found
[% ELSIF ( item_action == 'add_only_for_new' ) %]
Add items only if no matching bib was found
[% ELSIF ( item_action == 'ignore' ) %]
Ignore items
[% ELSE %]
[% item_action | html %]
[% END %]
[% END %]
</li>
[% END %]
</ol>
[% IF ( can_commit ) %]<fieldset class="action"><input type="submit" value="Apply different matching rules" class="button" /></fieldset></form>[% END %]
</fieldset>
<div>
[% IF ( can_commit ) %]
<form action="[% script_name | html %]" method="post" id="import_batch_form">
<input type="hidden" name="op" value="commit-batch" />
<input type="hidden" name="runinbackground" value="" />
<input type="hidden" name="completedJobID" value="" />
<input type="hidden" name="import_batch_id" value="[% import_batch_id | html %]" />
<fieldset class="action">
[% IF ( record_type != 'auth' ) %]
Add new bibliographic records into this framework:
<select name="framework" id="frameworks">
<option value="">Default</option>
[% FOREACH framework IN frameworks %]
<option value="[% framework.frameworkcode | html %]">[% framework.frameworktext | html %]</option>
[% END %]
</select>
[% END %]
<br/>
<input type="submit" class="button" name="mainformsubmit" value="Import this batch into the catalog" />
</fieldset>
</form>
<div id="jobpanel"><div id="jobstatus" class="progress_panel">Job progress: <div id="jobprogress"></div> <span id="jobprogresspercent">0</span>%</div>
<div id="jobfailed"></div></div>
[% END %]
[% IF ( can_revert ) %]
<form action="[% script_name | html %]" method="post" id="revert_batch_form">
<input type="hidden" name="op" value="revert-batch" />
<input type="hidden" name="runinbackground" value="" />
<input type="hidden" name="completedJobID" value="" />
<input type="hidden" name="import_batch_id" value="[% import_batch_id | html %]" />
<fieldset class="action"><input type="submit" class="button" name="mainformsubmit" value="Undo import into catalog" /></fieldset>
</form>
<div id="jobpanel"><div id="jobstatus">Job progress: <div id="jobprogress"></div> <span id="jobprogresspercent">0</span>%</div>
<div id="jobfailed"></div></div>
[% END %]
</div>
[% IF ( did_commit ) %]
<div class="dialog message">Completed import of records</div>
<table>
<tr><td>Number of records added</td><td>[% num_added | html %]</td></tr>
<tr><td>Number of records updated</td><td>[% num_updated | html %]</td></tr>
<tr><td>Number of records ignored</td><td>[% num_ignored | html %]</td></tr>
[% IF ( record_type == 'biblio' ) %]
<tr><td>Number of items added</td><td>[% num_items_added | html %]</td></tr>
<tr><td>Number of items replaced</td><td>[% num_items_replaced | html %]</td></tr>
<tr><td>Number of items ignored because of duplicate barcode</td><td>[% num_items_errored | html %]</td></tr>
[% END %]
</table>
[% END %]
[% IF ( did_revert ) %]
<div class="dialog message">Success: Import reversed</div>
<table>
<tr><td>Number of records deleted</td><td>[% num_deleted | html %]</td></tr>
[% IF ( record_type == 'biblio' ) %]
<tr><td>Number of items deleted</td><td>[% num_items_deleted | html %]</td></tr>
<tr><td>Number of records not deleted due to items on loan</td><td>[% num_errors | html %]</td></tr>
[% END %]
<tr><td>Number of records changed back</td><td>[% num_reverted | html %]</td></tr>
<tr><td>Number of records ignored</td><td>[% num_ignored | html %]</td></tr>
</table>
[% END %]
[% END %]
<br style="clear:both;" />
[% IF ( batch_list ) %]
[% IF ( pages ) %]
<div class="pages">
[% FOREACH page IN pages %]
[% IF ( page.current_page ) %]
<span class="current">[% page.page_number | html %]</span>
[% ELSE %]
<a href="[% page.script_name | html %]?offset=[% page.offset | html %]">[% page.page_number | html %]</a>
[% END %]
[% END %]
</div>
[% END %]
<table>
<tr>
<th>#</th>
<th>File name</th>
<th>Comments</th>
<th>Type</th>
<th>Status</th>
<th>Staged</th>
<th># Records</th>
<th># Items</th>
<th>Action</th>
</tr>
[% FOREACH batch_lis IN batch_list %]
<tr>
<td>[% batch_lis.import_batch_id | html %]</td>
<td><a href="[% batch_lis.script_name | html %]?import_batch_id=[% batch_lis.import_batch_id | html %]">[% batch_lis.file_name | html %]</a></td>
<td>[% batch_lis.comments | html %]</td>
<td>[% IF ( batch_lis.record_type == 'auth' ) %]Authority[% ELSE %]Bibliographic[% END %]</td>
<td>
[% IF ( batch_lis.import_status == 'cleaned' ) %]
Cleaned
[% ELSIF ( batch_lis.import_status == 'imported' ) %]
Imported
[% ELSIF ( batch_lis.import_status == 'importing' ) %]
Importing
[% ELSIF ( batch_lis.import_status == 'reverted' ) %]
Reverted
[% ELSIF ( batch_lis.import_status == 'reverting' ) %]
Reverting
[% ELSIF ( batch_lis.import_status == 'staged' ) %]
Staged
[% ELSE %]
[% batch_lis.import_status | html %]
[% END %]
</td>
<td>[% batch_lis.upload_timestamp | html %]</td>
<td>[% batch_lis.num_records | html %]</td>
<td>[% batch_lis.num_items | html %][% IF ( batch_lis.num_items ) %] <a href="[% batch_lis.script_name | html %]?import_batch_id=[% batch_lis.import_batch_id | html %]&amp;op=create_labels">(Create label batch)</a>[% END %]</td>
<td class="actions">
[% IF ( batch_lis.can_clean ) %]
<form method="post" action="[% batch_lis.script_name | html %]" name="clean_batch_[% batch_lis.import_batch_id | html %]" id="clean_batch_[% batch_lis.import_batch_id | html %]" class="batch_form batch_clean" >
<input type="hidden" name="import_batch_id" value="[% batch_lis.import_batch_id | html %]" />
<input type="hidden" name="op" value="clean-batch" />
<button type="submit" class="btn btn-default btn-xs"><i class="fa fa-eraser"></i> Clean</button>
</form>
[% ELSIF ( batch_lis.import_status == 'cleaned' ) %]
<form method="post" action="/cgi-bin/koha/tools/manage-marc-import.pl" name="delete_batch_[% batch_lis.import_batch_id | html %]" id="delete_batch_[% batch_lis.import_batch_id | html %]" class="batch_form batch_delete">
<input type="hidden" name="import_batch_id" value="[% batch_lis.import_batch_id | html %]" />
<input type="hidden" name="op" value="delete-batch" />
<button type="submit" class="btn btn-default btn-xs"><i class="fa fa-trash"></i> Delete</button>
</form>
[% END %]
</td>
</tr>
[% END %]
</table>
[% IF ( pages ) %]
<div class="pages">
[% FOREACH page IN pages %]
[% IF ( page.current_page ) %]
<span class="current">[% page.page_number | html %]</span>
[% ELSE %]
<a href="[% page.script_name | html %]?offset=[% page.offset | html %]">[% page.page_number | html %]</a>
[% END %]
[% END %]
</div>
[% END %]
[% END %]
[% IF import_batch_id %]
<table id="records-table">
<thead>
<tr>
<th>#</th>
<th>Citation</th>
<th>Status</th>
<th>Match type</th>
<th>Match details</th>
<th><abbr title="Differences between the original biblio and the imported">Diff</abbr></th>
<th>Record</th>
</tr>
</thead>
</table>
<div id="marcPreview" class="modal fade" tabindex="-1" role="dialog" aria-labelledby="marcPreviewLabel" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="closebtn" data-dismiss="modal" aria-hidden="true">×</button>
<h3 id="marcPreviewLabel">MARC preview</h3>
</div>
<div class="modal-body">
<div id="loading"> <img src="[% interface | html %]/[% theme | html %]/img/spinner-small.gif" alt="" /> Loading </div>
</div>
<div class="modal-footer">
<button class="btn btn-default" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</div>
</div>
</div>
[% END %]
</div>
</div>
<div class="yui-b">
[% INCLUDE 'tools-menu.inc' %]
</div>
</div>
[% MACRO jsinclude BLOCK %]
[% Asset.js("js/tools-menu.js") | $raw %]
[% Asset.js("js/background-job-progressbar.js") | $raw %]
[% INCLUDE 'datatables.inc' %]
<script type="text/javascript">
$(document).ready(function(){
$("#staged-record-matching-rules select").change(function(){
var str = $(this).attr("id");
$("#reset_"+str).parent().show();
});
$("a.reset").click(function(){
var str = $(this).attr("id");
str = str.replace("reset_","")
$("#"+str+" option[selected='selected']").attr("selected","selected");
$(this).parent().hide();
});
[% IF import_batch_id %]
$("#records-table").dataTable($.extend(true, {}, dataTablesDefaults, {
"bAutoWidth": false,
"bFilter": false,
"bProcessing": true,
"bServerSide": true,
"sAjaxSource": 'batch_records_ajax.pl',
"sPaginationType": "full_numbers",
"sDom": '<"top pager"iflp>rt<"bottom pager"flp><"clear">',
"aoColumns": [
{ "mDataProp": "import_record_id" },
{ "mDataProp": "citation" },
{ "mDataProp": "status" },
{ "mDataProp": "overlay_status" },
{ "mDataProp": "match_citation" },
{ "mDataProp": "diff_url" },
{ "mDataProp": "matched" }
],
"fnServerData": function ( sSource, aoData, fnCallback ) {
aoData.push( { "name": "import_batch_id", "value": [% import_batch_id | html %] } );
$.ajax({
'dataType': 'json',
'type': 'POST',
'url': sSource,
'data': aoData,
'success': function(json){
fnCallback(json);
}
});
},
"fnRowCallback": function( nRow, aData, iDisplayIndex, iDisplayIndexFull ) {
[% IF ( record_type == 'auth' ) %]
var record_details_url = "/cgi-bin/koha/authorities/detail.pl?authid=";
[% ELSE %]
var record_details_url = "/cgi-bin/koha/catalogue/detail.pl?biblionumber=";
[% END %]
$('td:eq(1)', nRow).html(
'<a href="/cgi-bin/koha/catalogue/showmarc.pl?importid=' + aData['import_record_id'] + '&viewas=html" class="previewMARC">' + aData['citation'] + '</a>'
);
$('td:eq(2)', nRow).html(
aData['status'] == 'imported' ? _("Imported") :
aData['status'] == 'ignored' ? _("Ignored") :
aData['status'] == 'reverted' ? _("Reverted") :
aData['status'] == 'staged' ? _("Staged") :
aData['status'] == 'error' ? _("Error") :
aData['status']
);
$('td:eq(3)', nRow).html(
aData['overlay_status'] == 'no_match' ? _("No match") :
aData['overlay_status'] == 'match_applied' ? _("Match applied") :
aData['overlay_status'] == 'auto_match' ? _("Match found") :
aData['overlay_status']
);
if ( aData['match_id'] ) {
[% IF ( record_type == 'auth' ) -%]
var matching_msg = _("Matches authority %s (score=%s):%s");
[%- ELSE -%]
var matching_msg = _("Matches biblio %s (score=%s):%s");
[%- END %]
$('td:eq(4)', nRow).html(
matching_msg.format(aData['match_id'], aData['score'],
'<a target="_blank" href="' + record_details_url
+ aData['match_id'] + '">' + aData['match_citation'] + '</a>')
);
}
if (aData['diff_url']){
$('td:eq(5)', nRow).html(
'<a href="'+aData['diff_url']+'">' + _("View") + '</a>'
);
}
$('td:eq(6)', nRow).html(
'<a target="_blank" href="' + record_details_url
+ aData['matched'] + '">' + aData['matched'] + '</a>'
);
},
}));
$("#import_batch_form").on("submit",function(){
return submitBackgroundJob( document.getElementById("import_batch_form") );
});
$("#revert_batch_form").on("submit",function(){
return confirm( _("Are you sure you want to undo the import of this batch into the catalog?") ) && submitBackgroundJob( document.getElementById("revert_batch_form") );
});
[% END %]
$("body").on("click",".previewMARC", function(e){
e.preventDefault();
var ltitle = $(this).text();
var page = $(this).attr("href");
$("#marcPreviewLabel").text(ltitle);
$("#marcPreview .modal-body").load(page + " table");
$('#marcPreview').modal({show:true});
});
$("#marcPreview").on("hidden", function(){
$("#marcPreviewLabel").html("");
$("#marcPreview .modal-body").html("<div id=\"loading\"><img src=\"[% interface | html %]/[% theme | html %]/img/spinner-small.gif\" alt=\"\" /> "+_("Loading")+"</div>");
});
$(".batch_form").on("submit",function(){
if( $(this).hasClass("batch_delete") ){
return confirm( _("Are you sure you want to permanently delete this batch?") );
} else {
return confirm( _("Clear all reservoir records staged in this batch? This cannot be undone.") );
}
});
});
</script>
[% END %]
[% INCLUDE 'intranet-bottom.inc' %]
View git blame Copy permalink