From 92af04b913baca0ec1029f0264afcee1777bb716 Mon Sep 17 00:00:00 2001
From: Wainui Witika-Park
Date: Mon, 21 Feb 2022 04:57:49 +0000
Subject: [PATCH] Revert "Bug 26102: Prevent XSS when To.json is used: catalogue/results.tt"

This reverts commit 55c003f4afb0d32c4b5e320c728eae7c566cd82d.

---
 .../prog/en/modules/catalogue/results.tt | 317 ++++++++++++++++--
 1 file changed, 294 insertions(+), 23 deletions(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt
index e91c1fac79..68e5388e31 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt
@@ -694,30 +694,301 @@ verify_images(); }); [% END %] + var Sticky; + $(document).ready(function() { + + $(".moretoggle").click(function(e) { + e.preventDefault(); + $(this).siblings(".collapsible-facet").toggle(); + $(this).siblings(".moretoggle").toggle(); + $(this).toggle(); + }); + + Sticky = $("#searchheader"); + Sticky.hcSticky({ + stickTo: "main", + stickyClass: "floating" + }); + + $("#cartsubmit").click(function(e){ + e.preventDefault(); + addMultiple(); + }); + + $(".addtolist").on("click",function(e){ + e.preventDefault(); + var shelfnumber = $(this).data("shelfnumber"); + var vshelf = vShelfAdd(); + if( vshelf ){ + if( $(this).hasClass("morelists") ){ + openWindow('/cgi-bin/koha/virtualshelves/addbybiblionumber.pl?' + vshelf); + } else if( $(this).hasClass("newlist") ){ + openWindow('/cgi-bin/koha/virtualshelves/addbybiblionumber.pl?newshelf=1&' + vshelf); + } else { + openWindow('/cgi-bin/koha/virtualshelves/addbybiblionumber.pl?shelfnumber='+shelfnumber+'&confirm=1&' + vshelf); + } + } + }); + + $("#z3950submit").click(function(){ + PopupZ3950(); + return false; + }); + + $("#searchheader").on("click", ".browse_selection", function(){ + browse_selection(); + return false; + }); + + $("#searchheader").on("click",".placehold", function(){ + $("#holdFor").val(""); + $("#holdForClub").val(""); + placeHold(); + $(".btn-group").removeClass("open"); + return false; + }); + + $(".placeholdfor").click(function(){ + holdForPatron(); + $(".btn-group").removeClass("open"); + return false; + }); + + $(".placeholdforclub").click(function(){ + holdForClub(); + $(".btn-group").removeClass("open"); + return false; + }); + + $("#forgetholdfor, #forgetholdforclub").click(function(){ + forgetPatronAndClub(); + $(".btn-group").removeClass("open"); + return false; + }); + + $("#tagsel_span").html(""); + + $(".selection").show(); + + [% IF ( query_desc ) %] + toHighlight = $("p,span.results_summary,a.title"); + var query_desc = "[% query_desc |replace("'", "\'") 
|replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]"; + q_array = query_desc.split(" "); + // ensure that we don't have "" at the end of the array, which can + // break the highlighter + while (q_array.length > 0 && q_array[q_array.length-1] == "") { + q_array = q_array.splice(0,-1); + } + highlightOn(); + $("#highlight_toggle_on" ).hide().click(function(e) { + e.preventDefault(); + highlightOn(); + }); + $("#highlight_toggle_off").show().click(function(e) { + e.preventDefault(); + highlightOff(); + }); + [% END %] + + [% IF (SEARCH_RESULTS) %] + var newresults = [ + [%- FOREACH result IN SEARCH_RESULTS -%] + [%- result.biblionumber | html %], + [%- END -%] + ]; + var browser = KOHA.browser('[% searchid | html %]', parseInt('[% biblionumber | html %]', 10)); + browser.create([% SEARCH_RESULTS.first.result_number | html %], '[% query_cgi | html %]', '[% limit_cgi | html %]','[% sort_cgi | html %]', + newresults, '[% total | html %]'); + [% END %] + + [% IF (gotoPage && gotoNumber) %] + [% IF (gotoNumber == 'first') %] + window.location = '/cgi-bin/koha/catalogue/[% gotoPage | html %]?biblionumber=' + [% SEARCH_RESULTS.first.biblionumber | html %] + '&searchid=[% searchid | html %]'; + [% ELSIF (gotoNumber == 'last') %] + window.location = '/cgi-bin/koha/catalogue/[% gotoPage | html %]?biblionumber=' + [% SEARCH_RESULTS.last.biblionumber | html %] + '&searchid=[% searchid | html %]'; + [% END %] + [% END %] + + [% IF LocalCoverImages %] + KOHA.LocalCover.LoadResultsCovers(); + [% END %] + + [% IF ( IntranetCoce && CoceProviders ) %] + KOHA.coce.getURL('[% CoceHost | html %]', '[% CoceProviders | html %]'); + [% END %] + + $("#select_all").on("click",function(e){ + e.preventDefault(); + selectAll(); + }); + + $("#clear_all").on("click",function(e){ + e.preventDefault(); + clearAll(); + }); + + $("#searchresults").on("click",".addtocart",function(e){ + e.preventDefault(); + var selection_id = this.id; + var biblionumber = 
selection_id.replace("cart",""); + addRecord(biblionumber); + }); + + $("#searchresults").on("click",".cartRemove",function(e){ + e.preventDefault(); + var selection_id = this.id; + var biblionumber = selection_id.replace("cartR",""); + delSingleRecord(biblionumber); + }); + + [% UNLESS Koha.Preference('BrowseResultSelection') %] + resetSearchContext(); + [% END %] + $(".selection").change(function(){ + if ( $(this).is(':checked') == true ) { + addBibToContext( $(this).val() ); + } else { + delBibToContext( $(this).val() ); + } + }); + $("#bookbag_form").ready(function(){ + $("#bookbag_form").unCheckCheckboxes(); + var bibnums = getContextBiblioNumbers(); + if (bibnums) { + for (var i=0; i < bibnums.length; i++) { + var id = ('#bib' + bibnums[i]); + if ($(id)) { + $(id).attr('checked', true); + } + } + } + }); + + }); + + + [% IF ( query_desc ) %] + function highlightOff() { + toHighlight.removeHighlight(); + $(".highlight_toggle").toggle(); + } + function highlightOn() { + var x; + for (x in q_array) { + q_array[x] = q_array[x].toLowerCase(); + var myStopwords = "[% Koha.Preference('NotHighlightedWords') | html %]".toLowerCase().split('|'); + if ( (q_array[x].length > 0) && ($.inArray(q_array[x], myStopwords) == -1) ) { + toHighlight.highlight(q_array[x]); + } + } + $(".highlight_toggle").toggle(); + } + [% END %] + + function selectAll () { + $("#bookbag_form").checkCheckboxes(); + $("#bookbag_form").find("input[type='checkbox'][name='biblionumber']").each(function(){ + $(this).change(); + } ); + return false; + } + function clearAll () { + $("#bookbag_form").unCheckCheckboxes(); + $("#bookbag_form").find("input[type='checkbox'][name='biblionumber']").each(function(){ + $(this).change(); + } ); + return false; + } + function placeHold () { + var checkedItems = $(".selection:checked"); + if ($(checkedItems).size() == 0) { + alert(MSG_NO_ITEM_SELECTED); + return false; + } + var bibs = ""; + var badBibs = false; + $(checkedItems).each(function() { + var bib = 
$(this).val(); + if ($("#reserve_" + bib).size() == 0) { + alert(MSG_NON_RESERVES_SELECTED); + badBibs = true; + return false; + } + bibs += bib + "/"; + }); + if (badBibs) { + return false; + } + $("#hold_form_biblios").val(bibs); + $("#hold_form").submit(); + return false; + } + + function forgetPatronAndClub(){ + $.removeCookie("holdfor", { path: '/' }); + $.removeCookie("holdforclub", { path: '/' }); + $(".holdforlink").remove(); + $("#placeholdc").html(" "+_("Place hold")+""); + } + + function browse_selection () { + var bibnums = getContextBiblioNumbers(); + if ( bibnums && bibnums.length > 0 ) { + var browser = KOHA.browser('', parseInt('[% biblionumber | html %]', 10)); + browser.create(1, '[% query_cgi | html %]', '[% limit_cgi | html %]','[% sort_cgi | html %]', bibnums, bibnums.length); + window.location = '/cgi-bin/koha/catalogue/detail.pl?biblionumber=' + bibnums[0] + '&searchid='+browser.searchid; + } else { + alert(MSG_NO_ITEM_SELECTED); + } + return false; + } + + function addToList () { + var checkedItems = $(".selection:checked"); + if ($(checkedItems).size() == 0) { + alert(MSG_NO_ITEM_SELECTED); + return false; + } + var bibs = ""; + $(checkedItems).each(function() { + bibs += $(this).val() + "/"; + }); + + var url = "/cgi-bin/koha/virtualshelves/addbybiblionumber.pl?biblionumbers=" + bibs; + window.open(url, 'Add_to_virtualshelf', 'width=500, height=400, toolbar=false, scrollbars=yes'); + return false; + } + + /* this function open a popup to search on z3950 server. 
*/ + function PopupZ3950() { + var strQuery = GetZ3950Terms(); + if(strQuery){ + window.open("/cgi-bin/koha/cataloguing/z3950_search.pl?biblionumber=[% biblionumber | html %]"+strQuery,"z3950search",'width=740,height=450,location=yes,toolbar=no,scrollbars=yes,resize=yes'); + } + } + /* provide Z3950 search points */ + function GetZ3950Terms(){ + var strQuery="&frameworkcode="; + [% FOREACH z3950_search_param IN z3950_search_params %] + strQuery += "&" + "[% z3950_search_param.name |uri %]" + "=" + "[% z3950_search_param.value |uri %]"; + [% END %] + return strQuery; + } + + function holdfor(){ + $("#holdFor").val(""); + $("#holdForClub").val(""); + placeHold(); + } + + function holdForPatron() { + $("#holdFor").val("[% holdfor_cardnumber | html %]"); + placeHold(); + } - var new_results_browser = [ - [%- FOREACH result IN SEARCH_RESULTS -%] - [%- result.biblionumber | html -%], - [%- END -%] - ]; - var strQuery="&frameworkcode="; - [%- FOREACH z3950_search_param IN z3950_search_params -%] - strQuery += "&" + "[% z3950_search_param.name |uri %]" + "=" + "[% z3950_search_param.value |uri %]"; - [%- END -%] - - var search_result = { - query_desc: "[% To.json( query_desc ) | html %]", - query_cgi: "[% query_cgi | html %]", - limit_cgi: "[% limit_cgi | html %]", - sort_cgi: "[% sort_cgi | html %]", - sort_by: "[% sort_by | html %]", - gotoPage: "[% gotoPage | html %]", - gotoNumber: "[% gotoNumber | html %]", - searchid: "[% searchid | html %]", - total: "[% total | html %]", - first_result_number: "[% SEARCH_RESULTS.first.result_number | html %]", - first_biblionumber: "[% SEARCH_RESULTS.first.biblionumber | html %]", - last_biblionumber: "[% SEARCH_RESULTS.last.biblionumber | html %]", + function holdForClub() { + $("#holdForClub").val("[% holdforclub | html %]"); + placeHold(); } [% END %] -- 2.39.5
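Review bot: The restored line `var query_desc = "[% query_desc |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]";` does not escape a backslash in `query_desc`, so a value ending in `\` swallows the closing quote and most likely leaves the whole inline script block unparsable, and because the `replace` filters run before `| html` the quote escapes are emitted as `\&quot;` rather than `\"`. The reverted change avoided the string-literal context by serialising the value with `To.json`; if the revert has to stay, either escape backslashes ahead of the quote replacements or hand the value over outside the script block (for example a `data-` attribute read with jQuery's `.data()`), and the commit message should say what the JSON form broke so a reader can judge whether it can come back. Separately, `q_array = q_array.splice(0,-1);` in the trailing-empty-string loop assigns the removed elements — none, since a negative deleteCount removes nothing — so a query ending in a space empties `q_array` and nothing is highlighted; `q_array.pop();` does what the comment above it describes.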