Bug 26592: Prevent XSS vulnerabilities when circ/ysearch.pl is used
[%# Course reserves: the create/edit form for one course (see the <form> below,
    which posts to mod_course.pl). Every template variable rendered into this
    page is passed through the "html" filter (or "uri" where it lands inside a
    query string), so values that contain markup are shown as text rather than
    interpreted by the browser. %]
[%# footerjs = 1: presumably makes intranet-bottom.inc emit the "jsinclude"
    MACRO defined at the end of this file -- confirm against that include. %]
[% SET footerjs = 1 %]
[% INCLUDE 'doc-head-open.inc' %]
<title>Koha &rsaquo; Course reserves &rsaquo; [% IF course_name %] Edit [% course_name | html %] [% ELSE %] New course [% END %]</title>
[% INCLUDE 'doc-head-close.inc' %]
<style>
    #course_instructors {
        float: left;
    }
    .instructor_line {
        padding: .3em;
    }
</style>
</head>

<body id="courses_course" class="course">

[% INCLUDE 'header.inc' %]
[% INCLUDE 'cat-search.inc' %]

<div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; <a href="/cgi-bin/koha/course_reserves/course-reserves.pl">Course reserves</a> &rsaquo; [% IF course_name %] Edit <em>[% course_name | html %]</em> [% ELSE %] New course [% END %]</div>
21
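[%# The form is only offered when DEPARTMENT authorised values exist; otherwise
    the ELSE branch explains what an administrator has to set up first.
    Every interpolated value uses the "html" filter (attribute values included)
    and the one value placed in a query string uses "uri", so nothing coming in
    through course_id, course_name, the authorised values or the instructor
    records can be interpreted as markup or break out of an attribute. %]
[% IF ( departments ) %]

    <div class="main container-fluid">
        <div class="row">
            <div class="col-md-8 col-md-offset-2">

            <form method="post" action="/cgi-bin/koha/course_reserves/mod_course.pl" class="validated">
                [% IF course_id %]<input type="hidden" name="course_id" value="[% course_id | html %]" />[% END %]
                <fieldset class="rows">
                    <legend>[% IF course_id %]Edit course[% ELSE %]Create course[% END %]</legend>
                    <ol>
                        <li>
                            <label class="required" for="department">Department:</label>
                            <select id="department" name="department" required="required" class="required">
                                <option value="">Select a department</option>

                                [% FOREACH d IN departments %]
                                    [% IF d.authorised_value == department %]
                                        <option value="[% d.authorised_value | html %]" selected="selected">[% d.lib | html %]</option>
                                    [% ELSE %]
                                        <option value="[% d.authorised_value | html %]">[% d.lib | html %]</option>
                                    [% END %]
                                [% END %]
                            </select>
                            <span class="required">Required</span>
                        </li>

                        <li>
                            <label class="required" for="course_number">Course number:</label>
                            <input id="course_number" name="course_number" type="text" value="[% course_number | html %]" required="required" class="required" />
                            <span class="required">Required</span>
                        </li>

                        <li>
                            <label for="section">Section:</label>
                            <input id="section" name="section" type="text" value="[% section | html %]"/>
                        </li>

                        <li>
                            <label class="required" for="course_name">Course name:</label>
                            <input id="course_name" name="course_name" type="text" value="[% course_name | html %]" required="required" class="required" />
                            <span class="required">Required</span>
                        </li>

                        <li>
                            [% IF terms %]
                                <label for="term">Term:</label>
                                <select id="term" name="term">
                                    <option value=""></option>

                                    [% FOREACH t IN terms %]
                                        [% IF t.authorised_value == term %]
                                            <option value="[% t.authorised_value | html %]" selected="selected">[% t.lib | html %]</option>
                                        [% ELSE %]
                                            <option value="[% t.authorised_value | html %]">[% t.lib | html %]</option>
                                        [% END %]
                                    [% END %]
                                </select>
                            [% ELSE %]
                                <span class="label">Term: </span>
                                <span id="term">No TERM authorised values found! Please create one or more authorised values with the category TERM.</span>
                            [% END %]
                        </li>

                        <li>
                            <span class="label">Instructors:</span>

                            [%# Each instructor line carries the borrowernumber twice: in the
                                element id (read back by the "Remove" handler in the page
                                script) and in a hidden "instructors" field that is submitted. %]
                            <div id="course_instructors">
                                 <div id="instructors">
                                    [% FOREACH i IN instructors %]
                                        <div class="instructor_line" id="borrower_[% i.borrowernumber | html %]">[% i.surname | html %], [% i.firstname | html %] ( <a href="#" class="removeInstructor"><i class="fa fa-trash"></i> Remove </a> )
                                             <input type='hidden' name='instructors' value='[% i.borrowernumber | html %]' />
                                         </div>
                                     [% END %]
                                 </div>
                                <p>
                                    <label for="find_instructor">Instructor search:</label>
                                    <input autocomplete="off" id="find_instructor" type="text" style="width:150px" class="noEnterSubmit"/>
                                </p>
                                <div id="find_instructor_container"></div>
                            </div>
                        [%# This </li> was missing: the next <li> implicitly closed the
                            instructors item, which is invalid markup. %]
                        </li>
                        <li>
                            <label for="staff_note">Staff note:</label>
                            <textarea name="staff_note" id="staff_note">[% staff_note | html %]</textarea>
                        </li>

                        <li>
                            <label for="public_note">Public note:</label>
                            <textarea name="public_note" id="public_note">[% public_note | html %]</textarea>
                        </li>

                        <li>
                            <label for="students_count">Number of students:</label>
                            <input id="students_count" name="students_count" type="text" value="[% students_count | html %]" />
                        </li>

                        <li>
                            <label for="enabled">Enabled?</label>
                            [% IF enabled == 'no' %]
                                <input type="checkbox" name="enabled" id="enabled" />
                            [% ELSE %]
                                <input type="checkbox" name="enabled" id="enabled" checked="checked" />
                            [% END %]
                        </li>
                    </ol>
                </fieldset>

                <fieldset class="action">
                    <input type="submit" value="Save" class="submit" />

                    [% IF course_id %]
                        <a href="/cgi-bin/koha/course_reserves/course-details.pl?course_id=[% course_id | uri %]" class="cancel">Cancel</a>
                    [% ELSE %]
                        <a href="/cgi-bin/koha/course_reserves/course-reserves.pl" class="cancel">Cancel</a>
                    [% END %]
                </fieldset>
            </form>
            [%# Three <div>s are opened above but only two were closed, so this
                branch left one more element open than the ELSE branch. %]
            </div>
        </div>
    </div>

[% ELSE %]

<div class="dialog alert">
    <p>
        No DEPARTMENT authorized values found!
        [% IF ( CAN_user_parameters ) %]
            Please <a href="/cgi-bin/koha/admin/authorised_values.pl?searchfield=DEPARTMENT">create one or more authorized values</a> with the category DEPARTMENT.
        [% ELSE %]
            An administrator must create one or more authorized values with the category DEPARTMENT.
        [% END %]
    </p>
</div>

[% END %]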
156
157 [% IF ( departments ) %]
158     [% MACRO jsinclude BLOCK %]
159         <script type="text/javascript">
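            $(document).ready(function(){
                // Instructor lookup: jQuery UI autocomplete backed by circ/ysearch.pl.
                // Every field of a suggestion comes from that JSON response; each one
                // is run through escapeHtml() before being concatenated into the
                // suggestion markup, so patron data is never parsed as HTML here.
                $( "#find_instructor" ).autocomplete({
                    source: "/cgi-bin/koha/circ/ysearch.pl",
                    minLength: 3,
                    select: function( event, ui ) {
                        // Mirror the renderer below: a missing surname or firstname
                        // becomes "" instead of the string "undefined"/"null".
                        var surname = ui.item.surname ? ui.item.surname : "";
                        var firstname = ui.item.firstname ? ui.item.firstname : "";
                        AddInstructor( surname + ", " + firstname, ui.item.borrowernumber );
                        // Suppress the widget's default handling of the selection;
                        // AddInstructor() clears and refocuses the search box itself.
                        return false;
                    }
                })
                // NOTE(review): _renderItem is an underscore-prefixed (non-public)
                // jQuery UI hook reached through the widget instance; it may change
                // between jQuery UI versions -- confirm on upgrade.
                .data( "ui-autocomplete" )._renderItem = function( ul, item ) {
                    return $( "<li></li>" )
                    .data( "ui-autocomplete-item", item )
                    .append(
                        "<a>"
                            + ( item.surname ? item.surname.escapeHtml() : "" )
                            + ", "
                            + ( item.firstname ? item.firstname.escapeHtml() : "" )
                            + " (" + ( item.cardnumber ? item.cardnumber.escapeHtml() : "" ) + ")"
                            + " "
                            + "<small>"
                                + ( item.address ? item.address.escapeHtml() : "" )
                                + " "
                                + ( item.city ? item.city.escapeHtml() : "" )
                                + " "
                                + ( item.zipcode ? item.zipcode.escapeHtml() : "" )
                                + " "
                                + ( item.country ? item.country.escapeHtml() : "" )
                            + "</small>"
                        + "</a>" )
                    .appendTo( ul );
                };

                // Hide the instructor box while it holds no instructor line.
                // NOTE(review): .html() is truthy for whitespace-only content, and
                // #course_instructors also wraps the search field, so whether this
                // ever fires (and whether it should) depends on how the template's
                // whitespace is emitted -- confirm before changing the check.
                if ( ! $('#instructors').html() ) {
                    $('#course_instructors').hide();
                }

                // Delegated handler so lines added later by AddInstructor() work too.
                // The borrowernumber is recovered from the line's "borrower_<n>" id.
                $("body").on("click",".removeInstructor",function(e){
                    e.preventDefault();
                    var divid = $(this).parent().attr("id");
                    var borrowernumber = divid.replace("borrower_","");
                    RemoveInstructor(borrowernumber);
                });
            });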
203
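            /**
             * Append an instructor line to #instructors and reveal the box.
             *
             * The line is built with DOM calls instead of an HTML string: the
             * display name becomes a text node and the borrowernumber is set
             * through attr()/val(), so neither value is ever parsed as markup
             * (the original interpolated borrowernumber into two attributes
             * unescaped). This also fixes the implicit global "div" the string
             * version assigned to.
             *
             * @param {string} name            display name ("Surname, Firstname")
             * @param {string|number} borrowernumber  id stored in the line's id and
             *                                  in the hidden "instructors" field
             */
            function AddInstructor( name, borrowernumber ) {
                var line = $( "<div></div>" )
                    .addClass( "instructor_line" )
                    .attr( "id", "borrower_" + borrowernumber )
                    .append( document.createTextNode( ( name ? name : "" ) + " ( " ) )
                    .append(
                        $( "<a></a>" )
                            .attr( "href", "#" )
                            .addClass( "removeInstructor" )
                            .append( $( "<i></i>" ).addClass( "fa fa-trash" ) )
                            .append( document.createTextNode( " " + _("Remove") + " " ) )
                    )
                    .append( document.createTextNode( " ) " ) )
                    .append(
                        $( "<input />" )
                            .attr( "type", "hidden" )
                            .attr( "name", "instructors" )
                            .val( borrowernumber )
                    );
                $('#instructors').append( line );

                // Ready the search box for the next lookup and make sure the
                // (possibly hidden) instructor box is visible.
                $('#find_instructor').val('').focus();
                $('#course_instructors').show();
            }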
211
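            /**
             * Remove the instructor line whose id is "borrower_<borrowernumber>"
             * and hide the instructor box once no content is left.
             *
             * The element is looked up by id rather than through a selector
             * string, so a value containing selector metacharacters cannot raise
             * a jQuery syntax error; an id that does not exist is a silent no-op,
             * as before.
             *
             * @param {string|number} borrowernumber  id part of the line's id attribute
             */
            function RemoveInstructor( borrowernumber ) {
                $( document.getElementById( "borrower_" + borrowernumber ) ).remove();

                // NOTE(review): .html() is truthy for whitespace-only content, so
                // whether this fires after the last line is removed depends on the
                // whitespace the template emits around the FOREACH -- confirm.
                if ( ! $('#instructors').html() ) {
                    $('#course_instructors').hide( 800 );
                }
            }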
219         </script>
220     [% END %]
221 [% END %]
222
223 [% INCLUDE 'intranet-bottom.inc' %]