Bug 19108: Fix Stored XSS in fieldmapping.pl

[koha.git] / koha-tmpl / intranet-tmpl / prog / en / modules / admin / auth_tag_structure.tt

[% USE AuthorisedValues %]
[% INCLUDE 'doc-head-open.inc' %]
<title>Koha &rsaquo; Administration &rsaquo; Authority MARC framework [% IF ( add_form ) %][% IF ( use_heading_flags_p ) %]
    [% IF ( heading_modify_tag_p ) %]&rsaquo; [% IF ( authtypecode ) %][% authtypecode %] Framework[% ELSE %]Default framework[% END %] &rsaquo; Modify tag[% END %]
    [% IF ( heading_add_tag_p ) %]&rsaquo; [% IF ( authtypecode ) %][% authtypecode %] Framework[% ELSE %]Default framework[% END %] &rsaquo; New tag[% END %]
    [% ELSE %]&rsaquo; [% action %][% END %][% END %][% IF ( delete_confirm ) %]&rsaquo; [% IF ( authtypecode ) %][% authtypecode %] Framework[% ELSE %]Default framework[% END %] &rsaquo; Confirm deletion[% END %][% IF ( delete_confirmed ) %]&rsaquo; [% IF ( authtypecode ) %][% authtypecode %] Framework[% ELSE %]Default framework[% END %] &rsaquo; Data deleted[% END %]</title>
[% INCLUDE 'doc-head-close.inc' %]

<link rel="stylesheet" type="text/css" href="[% interface %]/[% theme %]/css/datatables.css" />
[% INCLUDE 'datatables.inc' %]
<script type="text/javascript">
//<![CDATA[
 $(document).ready(function() {
    $("#table_authtagstructure").dataTable($.extend(true, {}, dataTablesDefaults, {
        "aoColumnDefs": [
            { "aTargets": [ -1 ], "bSortable": false, "bSearchable": false },
        ],
        "sPaginationType": "four_button"
    }));
 });
//]]>
</script>
</head>
<body id="admin_auth_tag_structure" class="admin">
[% INCLUDE 'header.inc' %]
[% INCLUDE 'prefs-admin-search.inc' %]

<div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; <a href="/cgi-bin/koha/admin/admin-home.pl">Administration</a> &rsaquo;
    <a href="/cgi-bin/koha/admin/authtypes.pl">Authority types</a> &rsaquo;
    [% IF ( add_form ) %]
        [% IF ( use_heading_flags_p ) %]
            [% IF ( heading_modify_tag_p ) %]
                [% IF ( authtypecode ) %]<a href="/cgi-bin/koha/admin/auth_tag_structure.pl?authtypecode=[% authtypecode %]">[% authtypecode %] Framework</a>
                [% ELSE %]<a href="/cgi-bin/koha/admin/auth_tag_structure.pl">Default framework</a>
                [% END %] &rsaquo; Modify tag
            [% END %]
            [% IF ( heading_add_tag_p ) %]
                [% IF ( authtypecode ) %]<a href="/cgi-bin/koha/admin/auth_tag_structure.pl?authtypecode=[% authtypecode %]">[% authtypecode %] framework</a>
                [% ELSE %]<a href="/cgi-bin/koha/admin/auth_tag_structure.pl">Default framework</a>
                [% END %] &rsaquo; New tag
            [% END %]
        [% ELSE %]
            [% IF ( authtypecode ) %]<a href="/cgi-bin/koha/admin/auth_tag_structure.pl?authtypecode=[% authtypecode %]">[% authtypecode %] Framework</a>
            [% ELSE %]<a href="/cgi-bin/koha/admin/auth_tag_structure.pl">Default framework</a>
            [% END %] &rsaquo; [% action %]
        [% END %]
    [% ELSE %]
        [% IF ( delete_confirm ) %]
            [% IF ( authtypecode ) %]<a href="/cgi-bin/koha/admin/auth_tag_structure.pl?authtypecode=[% authtypecode %]">[% authtypecode %] framework</a>
            [% ELSE %]<a href="/cgi-bin/koha/admin/auth_tag_structure.pl">Default framework</a>
            [% END %] &rsaquo; Confirm deletion
        [% ELSE %]
            [% IF ( delete_confirmed ) %]
                [% IF ( authtypecode ) %]<a href="/cgi-bin/koha/admin/auth_tag_structure.pl?authtypecode=[% authtypecode %]">[% authtypecode %] framework</a>
                [% ELSE %]<a href="/cgi-bin/koha/admin/auth_tag_structure.pl">Default framework</a>
                [% END %] &rsaquo; Data deleted
            [% ELSE %]
                [% IF ( authtypecode ) %][% authtypecode %] Framework
                [% ELSE %]Default framework
                [% END %]
            [% END %]
        [% END %]
    [% END %]
</div>

<div id="doc3" class="yui-t2">
   
   <div id="bd">
    <div id="yui-main">
    <div class="yui-b">

<h1>Authority MARC framework for [% IF ( authtypecode ) %][% authtypecode %][% ELSE %]default framework[% END %]</h1>


[% IF ( add_form ) %]

    <h2>
    [% IF ( heading_modify_tag_p ) %]Modify tag[% END %]
    [% IF ( heading_add_tag_p ) %]New tag[% END %]
    </h2>
    <form action="[% script_name %]" name="Aform" method="post" class="validated">
        <input type="hidden" name="op" value="add_validate" />
        [% IF ( heading_modify_tag_p ) %]<input type="hidden" name="modif" value="1" />[% END %]
        <input type="hidden" name="authtypecode" value="[% authtypecode %]" />
        <fieldset class="rows">
            <ol>
                [% IF ( heading_modify_tag_p ) %]
                    <li>
                        <span class="label">Tag: </span>
                        <input type="hidden" name="tagfield" value="[% searchfield %]" />
                        [% searchfield %]
                    </li>
                [% ELSE %]
                    <li>
                        <label for="tagfield" class="required">Tag: </label><input type="text" id="tagfield" name="tagfield" size="5" maxlength="3" required="required" class="required" />
                        <span class="required">Required</span>
                    </li>
                [% END %]

        <li><label for="liblibrarian">Text for librarians: </label><input type="text" name="liblibrarian" id="liblibrarian" value="[% liblibrarian |html %]" size="40" maxlength="100" /></li>
        <li><label for="libopac">Text for opac: </label><input type="text" name="libopac" id="libopac" value="[% libopac |html %]" size="40" maxlength="100" /></li>
        <li><label for="repeatable">Repeatable: </label>
            [% IF ( repeatable ) %]
                <input type="checkbox" name="repeatable" id="repeatable" value="1" checked="checked" />
            [% ELSE %]
                <input type="checkbox" name="repeatable" id="repeatable" value="1" />
            [% END %]
        </li>
        <li><label for="mandatory">Mandatory: </label>
            [% IF ( mandatory ) %]
                <input type="checkbox" name="mandatory" id="mandatory" value="1" checked="checked" />
            [% ELSE %]
                <input type="checkbox" name="mandatory" id="mandatory" value="1" />
            [% END %]
        </li>
        <li><label for="authorised_value">Authorized value: </label>
            <select name="authorised_value" id="authorised_value" size="1">
                <option value=""></option>
                [% PROCESS options_for_authorised_value_categories authorised_value_categories => AuthorisedValues.GetCategories( selected => authorised_value ) %]
            </select>
            (if you select a value here, the indicators will be limited to the authorized value list)
        </li>
        </ol>
        </fieldset>
        <fieldset class="action">
            <input type="submit" value="Submit" />
            <a href="/cgi-bin/koha/admin/auth_tag_structure.pl?authtypecode=[% authtypecode %]" class="cancel">Cancel</a>
        </fieldset>
    </form>
[% END %]


[% IF ( delete_confirm ) %]
    <div class="dialog alert">
        <h3>Confirm deletion</h3>
        <form action="[% script_name %]" method="post">
            <table>
                <tr><th scope="row">Tag: </th><td>[% searchfield %] [% liblibrarian %]</td></tr>
            </table>
            <input type="hidden" name="op" value="delete_confirmed" />
            <input type="hidden" name="authtypecode" value="[% authtypecode %]" />
            <input type="hidden" name="searchfield" value="[% searchfield %]" />
            <button type="submit" class="approve"><i class="fa fa-fw fa-check"></i> Yes, delete</button>
        </form>
        <form action="[% script_name %]" method="get">
            <button type="submit" class="deny"><i class="fa fa-fw fa-remove"></i> No, do not delete</button>
        </form>
    </div>
[% END %]

[% IF ( delete_confirmed ) %]

  <div class="dialog message">  <h3>Data deleted</h3>
    <form action="[% script_name %]" method="post">
    <input type="hidden" name="authtypecode" value="[% authtypecode %]" />
    <input type="hidden" name="searchfield" value="[% searchfield %]" />
    <input type="submit" value="OK" class="submit" />
    </form></div>
[% END %]
[% IF ( authtype_create ) %]

    <form action="[% script_name %]" method="post">
        <input type="hidden" name="op" value="authtype_create_confirm" />
        <input type="hidden" name="authtypecode" value="[% authtypecode %]" />
        Create authority framework for [% authtypecode %] using
        <select name="existingauthtypecode">
        [% FOREACH existingauthtypeloo IN existingauthtypeloop %]
            [% IF existingauthtypeloo.value == "" %]
              <option value="" selected="selected">[% existingauthtypeloo.authtypetext %]</option>
            [% ELSE %]
              <option value="[% existingauthtypeloo.value %]">[% existingauthtypeloo.authtypetext %]</option>
            [% END %]
        [% END %]
        </select>
        <input type="submit" value="OK" class="submit" />
    </form>
[% END %]


[% IF ( else ) %]

<div id="toolbar" class="btn-toolbar">
    <div class="btn-group"><a class="btn btn-default btn-sm" id="newtag" href="/cgi-bin/koha/admin/auth_tag_structure.pl?op=add_form&amp;authtypecode=[% authtypecode %]"><i class="fa fa-plus"></i> New tag</a></div>
</div>

<h2>Select an authority framework</h2>
<form action="[% script_name %]" method="post">
    <select name="authtypecode">
    [% FOREACH authority_type IN authority_types%]
        [% IF authority_type.authtypecode == authtypecode%]
        <option value="[% authority_type.authtypecode %]" selected="selected">[% authority_type.authtypetext %]</option>
        [% ELSE %]
        <option value="[% authority_type.authtypecode%]">[% authority_type.authtypetext %]</option>
        [% END %]
    [% END %]
    </select>
    <input type="text" name="searchfield" value="[% searchfield %]" />
    <input type="submit" value="OK" class="submit" />
</form><br />
<div id="pagertable_authtagstructure">
</div>
<table id="table_authtagstructure">
    <thead>
        <tr>
            <th>Tag</th>
            <th>Lib</th>
            <th>Repeatable</th>
            <th>Mandatory</th>
            <th>Authorized<br />value</th>
            <th>&nbsp;</th>
        </tr>
    </thead>
    <tbody>
        [% FOREACH loo IN loop %]
        <tr>
            <td><b>[% loo.tagfield %]</b></td>
            <td>[% loo.liblibrarian %]</td>
            <td>[% IF ( loo.repeatable ) %]Yes[% ELSE %]No[% END %]</td>
            <td>[% IF ( loo.mandatory ) %]Yes[% ELSE %]No[% END %]</td>
            <td>[% loo.authorised_value %]</td>
            <td>
                <div class="dropdown">
                    <a class="btn btn-default btn-xs dropdown-toggle" id="authtagactions[% loo.tagfield %]" role="button" data-toggle="dropdown" href="#">
                        Actions <b class="caret"></b></a>
                    <ul class="dropdown-menu pull-right" role="menu" aria-labelledby="authtagactions[% loo.tagfield %]">
                        <li><a href="[% loo.subfield_link %]"><i class="fa fa-eye"></i> Subfields</a></li>
                        <li><a href="[% loo.edit %]"><i class="fa fa-pencil"></i> Edit</a></li>
                        <li><a href="[% loo.delete %]"><i class="fa fa-trash"></i> Delete</a></li>
                    </ul>
                </div>
            </td>
        </tr>
        [% END %]
    </tbody>
    </table>

[% END %]

</div>
</div>
<div class="yui-b">
[% INCLUDE 'admin-menu.inc' %]
</div>
</div>
[% INCLUDE 'intranet-bottom.inc' %]