Koha/cataloguing/z3950_auth_search.pl
Julian Maurice 96cc447045 Bug 25898: Prohibit indirect object notation
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-10-15 12:56:30 +02:00


#!/usr/bin/perl
# This file is part of Koha.
#
# Copyright 2013 Prosentient Systems
#
# Koha is free software; you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation; either version 3 of the License, or (at your option) any later
# version.
#
# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use CGI qw / -utf8 /;
use C4::Auth;
use C4::Output;
use C4::Context;
use C4::Breeding;
use C4::Koha;
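# Intranet CGI script: Z39.50 search for authority records.
# Without op=do_search it renders the search form together with the list of
# configured authority servers. With op=do_search it hands the submitted
# criteria to Z3950SearchAuth and renders whatever that call put into the
# template.
my $input = CGI->new;

# Search criteria that are both echoed back to the template and forwarded to
# the search routine. Every value is copied verbatim from the request, so it
# is untrusted at this point.
# NOTE(review): escaping for display has to happen in
# cataloguing/z3950_auth_search.tt -- confirm the template filters these values.
my @criteria_names = qw(
    nameany authorany authorcorp authorpersonal authormeetingcon
    title uniformtitle subject subjectsubdiv srchany
    authid controlnumber
);

# scalar() keeps param() from returning a list inside the map.
my %criteria = map { $_ => scalar $input->param($_) } @criteria_names;
$criteria{authid} ||= 0;

my $op = $input->param('op') || '';

# The page number comes from current_page, or from goto_page when the
# changepage_goto control was submitted. Anything that is not a plain positive
# integer (missing, empty, "0", negative, non-numeric, absurdly long) falls
# back to the first page instead of reaching the search routine as-is.
my $page = $input->param('current_page');
$page = $input->param('goto_page') if $input->param('changepage_goto');
$page = 1 unless defined $page && $page =~ /\A[1-9][0-9]{0,8}\z/;

# Authentication and the permission check happen here; nothing above touches
# the database or produces output.
# NOTE(review): catalogue => 1 is the only permission requested -- confirm this
# is the intended level for running searches against external Z39.50 servers.
my ( $template, $loggedinuser, $cookie ) = get_template_and_user({
    template_name => "cataloguing/z3950_auth_search.tt",
    query         => $input,
    type          => "intranet",
    flagsrequired => { catalogue => 1 },
});

$template->param(%criteria);

if ( $op ne "do_search" ) {
    # Form display: list the authority servers the user can choose from.
    # The statement is a constant string; no request data is interpolated.
    my $sth = C4::Context->dbh->prepare("SELECT id,host,servername,checked FROM z3950servers WHERE recordtype = 'authority' ORDER BY `rank`, servername");
    $sth->execute();
    my $serverloop = $sth->fetchall_arrayref( {} );
    $template->param(
        serverloop => $serverloop,
        opsearch   => "search",
    );
    output_html_with_http_headers( $input, $cookie, $template->output );
    exit;
}

# Server ids selected in the form.
# NOTE(review): these are request-supplied and not checked here; presumably
# Z3950SearchAuth resolves them against z3950servers -- verify that it binds
# them as placeholders and ignores ids that are not authority servers.
my @id = $input->multi_param('id');
if ( !@id ) {
    # empty server list -> report and exit
    $template->param( emptyserverlist => 1 );
    output_html_with_http_headers( $input, $cookie, $template->output );
    exit;
}

my $pars = {
    page => $page,
    id   => \@id,
    %criteria,
};
Z3950SearchAuth( $pars, $template );
output_html_with_http_headers( $input, $cookie, $template->output );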