Koha/svc/members/search
Jonathan Druart 9b34b07d62 Bug 17375: Search by dateofbirth - handle invalid dates
Prevent internal software error when searching patron with invalid birth date

To reproduce:

- Go to Home > Patron
- Expand patron search (click on + at the left of the search button)
- In drop down 'Search fields', select 'Date of birth'
- Enter a valid date (e.g. 11.02.1995 if syspref 'dateformat' is set to dmydot)
Result: Search works OK
- Enter an invalid date, e.g. 11.02 or abcd...
Result: Internal server error

- Do a patron search with many results
- Use filter on results screen, select 'Date of birth' as search field and
  enter an invalid date to search (e.g. 'a')
Result: Endless message 'Processing'

To test:
- Apply patch
- Repeat steps above
- In both cases, you should get "No results"

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Lucio Moraes <lmoraes@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-27 13:18:32 +00:00

162 lines
5.3 KiB
Perl
Executable file

#!/usr/bin/perl
# Copyright 2013 BibLibre
#
# This file is part of Koha
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use CGI;
use C4::Auth qw( get_template_and_user haspermission get_user_subpermissions );
use C4::Output qw( output_with_http_headers );
use C4::Utils::DataTables qw( dt_get_params );
use C4::Utils::DataTables::Members qw( search );
use Koha::DateUtils qw( output_pref dt_from_string );
my $input = new CGI;
exit unless $input->param('template_path');
my ($template, $user, $cookie) = get_template_and_user({
template_name => scalar $input->param('template_path'),
query => $input,
type => "intranet",
authnotrequired => 0,
flagsrequired => { borrowers => 1 }
});
my $searchmember = $input->param('searchmember');
my $firstletter = $input->param('firstletter');
my $categorycode = $input->param('categorycode');
my $branchcode = $input->param('branchcode');
my $searchtype = $input->param('searchtype');
my $searchfieldstype = $input->param('searchfieldstype') || 'standard';
my $has_permission = $input->param('has_permission');
my $selection_type = $input->param('selection_type');
# variable information for DataTables (id)
my $sEcho = $input->param('sEcho');
my %dt_params = dt_get_params($input);
foreach (grep {$_ =~ /^mDataProp/} keys %dt_params) {
$dt_params{$_} =~ s/^dt_//;
}
my $results;
# If the user filled a term, maybe it's a cardnumber.
# This cannot be the case if a first letter is given.
if ( $searchmember
and not $firstletter
and $searchfieldstype
and $searchfieldstype eq 'standard' )
{
my $member = C4::Members::GetMember( cardnumber => $searchmember );
$results = {
iTotalRecords => 1,
iTotalDisplayRecords => 1,
patrons => [ $member ],
} if $member;
}
# Perform the patrons search
$results = C4::Utils::DataTables::Members::search(
{
searchmember => $searchmember,
firstletter => $firstletter,
categorycode => $categorycode,
branchcode => $branchcode,
searchtype => $searchtype,
searchfieldstype => $searchfieldstype,
dt_params => \%dt_params,
}
) unless $results;
# It is not recommanded to use the has_permission param if you use the pagination
# The filter is done AFTER requested the data
if ($has_permission) {
my ( $permission, $subpermission ) = split /\./, $has_permission;
my @patrons_with_permission;
for my $patron ( @{ $results->{patrons} } ) {
my $perms = haspermission( $patron->{userid} );
if ( $perms->{superlibrarian} == 1
or $perms->{$permission} == 1 )
{
push @patrons_with_permission, $patron;
next;
}
if ($subpermission) {
my $subperms = get_user_subpermissions( $patron->{userid} );
push @patrons_with_permission, $patron
if $subperms->{$permission}->{$subpermission};
}
}
$results->{patrons} = \@patrons_with_permission;
$results->{iTotalDisplayRecords} = scalar( @patrons_with_permission );
}
$template->param(
sEcho => $sEcho,
iTotalRecords => $results->{iTotalRecords},
iTotalDisplayRecords => $results->{iTotalDisplayRecords},
aaData => $results->{patrons},
selection_type => $selection_type,
);
output_with_http_headers $input, $cookie, $template->output, 'json';
__END__
=head1 NAME
search - a search script for finding patrons
=head1 SYNOPSIS
This script provides a service for template for patron search using DataTables
=head2 Performing a search
Call this script from a DataTables table my $searchmember = $input->param('searchmember');
All following params are optional:
searchmember => the search terms
firstletter => search patrons with surname begins with this pattern (currently only used for 1 letter)
categorycode and branchcode => search patrons belong to a given categorycode or a branchcode
searchtype: can be 'contain' or 'start_with'
searchfieldstype: Can be 'standard', 'email', 'borrowernumber', 'userid', 'phone' or 'address'
=cut
=back
=head1 LICENSE
Copyright 2013 BibLibre
This file is part of Koha.
Koha is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version.
Koha is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with Koha; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.