3 # Copyright 2000-2002 Katipo Communications
5 # This file is part of Koha.
7 # Koha is free software; you can redistribute it and/or modify it under the
8 # terms of the GNU General Public License as published by the Free Software
9 # Foundation; either version 2 of the License, or (at your option) any later
12 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
13 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
14 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
16 # You should have received a copy of the GNU General Public License along with
17 # Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
18 # Suite 330, Boston, MA 02111-1307 USA
23 TODO :: Description here
25 C4::Scrubber is used to remove all markup content from the sumitted text.
32 use CGI::Cookie; # need to check cookies before having CGI parse the POST request
34 use C4::Auth qw(:DEFAULT check_cookie_auth);
37 use C4::Output 3.02 qw(:html :ajax pagination_bar);
38 use C4::Dates qw(format_date);
41 use C4::Tags qw(add_tag get_approval_rows get_tag_rows remove_tag);
48 sub ajax_auth_cgi ($) { # returns CGI object
49 my $needed_flags = shift;
50 my %cookies = fetch CGI::Cookie;
52 my $sessid = $cookies{'CGISESSID'}->value || $input->param('CGISESSID');
53 my ($auth_status, $auth_sessid) = check_cookie_auth($sessid, $needed_flags);
55 print STDERR "($auth_status, $auth_sessid) = check_cookie_auth($sessid," . Dumper($needed_flags) . ")\n";
56 if ($auth_status ne "ok") {
57 output_ajax_with_http_headers $input,
58 "window.alert('Your CGI session cookie ($sessid) is not current. " .
59 "Please refresh the page and try again.');\n";
62 $debug and print STDERR "AJAX request: " . Dumper($input),
63 "\n(\$auth_status,\$auth_sessid) = ($auth_status,$auth_sessid)\n";
67 # The trick here is to support multiple tags added to multiple bilbios in one POST.
68 # The HTML might not use this, but it makes it more web-servicey from the start.
69 # So the name of param has to have biblionumber built in.
70 # For lack of anything more compelling, we just use "newtag[biblionumber]"
71 # We split the value into tags at comma and semicolon
73 my $is_ajax = is_ajax();
74 my $openadds = C4::Context->preference('TagsModeration') ? 0 : 1;
75 my $query = ($is_ajax) ? &ajax_auth_cgi({}) : CGI->new();
76 unless (C4::Context->preference('TagsEnabled')) {
77 push @errors, {+ tagsdisabled=>1 };
79 foreach ($query->param) {
81 my $biblionumber = $1;
82 unless ($biblionumber =~ /^\d+$/) {
83 $debug and warn "$_ references non numerical biblionumber '$biblionumber'";
84 push @errors, {+'badparam' => $_ };
87 $newtags{$biblionumber} = $query->param($_);
88 } elsif (/^del(\d+)$/) {
94 my $add_op = (scalar(keys %newtags) + scalar(@deltags)) ? 1 : 0;
95 my ($template, $loggedinuser, $cookie);
97 $loggedinuser = C4::Context->userenv->{'number'}; # must occur AFTER auth
98 $debug and print STDERR "op: $loggedinuser\n";
100 ($template, $loggedinuser, $cookie) = get_template_and_user({
101 template_name => "opac-tags.tmpl",
104 authnotrequired => ($add_op ? 0 : 1), # auth required to add tags
110 unless ($loggedinuser) {
111 push @errors, {+'login' => 1 };
112 %newtags=(); # zero out any attempted additions
113 @deltags=(); # zero out any attempted deletions
118 my @newtags_keys = (keys %newtags);
119 if (scalar @newtags_keys) {
120 $scrubber = C4::Scrubber->new();
121 foreach my $biblionumber (@newtags_keys) {
122 my @values = split /[;,]/, $newtags{$biblionumber};
125 my $clean_tag = $scrubber->scrub($_);
126 unless ($clean_tag eq $_) {
127 if ($clean_tag =~ /\S/) {
128 push @errors, {scrubbed=>$clean_tag};
130 push @errors, {scrubbed_all_bad=>1};
131 next; # we don't add it if there's nothing left!
134 my $result = ($openadds) ?
135 add_tag($biblionumber,$clean_tag,$loggedinuser,$loggedinuser) : # pre-approved
136 add_tag($biblionumber,$clean_tag,$loggedinuser) ;
138 $counts{$biblionumber}++;
140 push @errors, {failed_add_tag=>$clean_tag};
141 warn "add_tag($biblionumber,$clean_tag,$loggedinuser...) returned bad result (" . (defined $result ? $result : 'UNDEF') .")";
148 if (remove_tag($_,$loggedinuser)) {
151 push @errors, {failed_delete=>$_};
157 foreach (values %counts) {$sum += $_;}
158 my $js_reply = sprintf("response = {\n\tadded: %d,\n\tdeleted: %d,\n\terrors: %d,",$sum,$dels,scalar @errors);
160 if (scalar @errors) {
161 $err_string = "\n\talerts: ["; # open response_function
163 my $key = (keys %$_)[0];
164 $err_string .= "\n\t\t KOHA.Tags.tag_message.$key(\"" . $_->{$key} . '"),';
166 $err_string .= "\n\t],\n"; # close response_function
168 output_ajax_with_http_headers($query, "$js_reply\n$err_string};");
175 if ($loggedinuser and not $query->param('hidemytags')) {
176 $my_tags = get_tag_rows({borrowernumber=>$loggedinuser});
177 foreach (@$my_tags) {
178 my $biblio = GetBiblioData($_->{biblionumber});
179 $_->{bib_summary} = $biblio->{title};
180 ($biblio->{author}) and $_->{bib_summary} .= " by " . $biblio->{author};
181 my $date = $_->{date_created} || '';
182 $date =~ /\s+(\d{2}\:\d{2}\:\d{2})/;
183 $_->{time_created_display} = $1;
184 $_->{date_created_display} = format_date($_->{date_created});
188 $template->param(tagsview => 1,
189 dateformat => C4::Context->preference("dateformat"));
193 for (values %counts) {$adds += $_;}
196 added_count => $adds,
197 deleted_count => $dels,
201 my $hardmax = 100; # you might disagree what this value should be, but there definitely should be a max
202 $limit = $query->param('limit') || $hardmax;
203 ($limit =~ /^\d+$/ and $limit <= $hardmax) or $limit = $hardmax;
204 $template->param(limit => $limit);
205 my $arghash = {approved=>1, limit=>$limit, 'sort'=>'-weight_total'};
206 # ($openadds) or $arghash->{approved} = 1;
207 if ($arg = $query->param('tag')) {
208 $arghash->{term} = $arg;
209 } elsif ($arg = $query->param('biblionumber')) {
210 $arghash->{biblionumber} = $arg;
212 $results = get_approval_rows($arghash);
214 my $count = scalar @$results;
215 $template->param(TAGLOOP_COUNT => $count);
216 # Here we make a halfhearted attempt to separate the tags into "strata" based on weight_total
217 # FIXME: code4lib probably has a better algorithm, iirc
218 # FIXME: when we get a better algorithm, move to C4
222 my $chunk = ($count/$maxstrata)/2;
225 foreach (reverse @$results) {
226 my $current = $_->{weight_total};
229 if ($current == $previous) {
230 $_->{cloudweight} = $strata;
233 if ($strata < $maxstrata and
234 ($cloud{$strata} > $chunk or
235 $count-$total <= $maxstrata-$strata)) {
238 $_->{cloudweight} = $strata;
239 $previous = $current;
242 $query->param('hidemytags') and $template->param(hidemytags => 1);
243 (scalar @errors ) and $template->param(ERRORS => \@errors);
244 (scalar @$results) and $template->param(TAGLOOP => $results);
245 (scalar @$my_tags) and $template->param(MY_TAGS => $my_tags);
247 output_html_with_http_headers $query, $cookie, $template->output;
250 =head1 EXAMPLE AJAX POST PARAMETERS
252 CGISESSID 7c6288263107beb320f70f78fd767f56
253 newtag396 fire,+<a+href="foobar.html">foobar</a>,+<img+src="foo.jpg"+/>
255 So this request is trying to add 3 tags to biblio #396. The CGISESSID is the same as that the browser would
256 typically communicate using cookies. If it is valid, the server will split the value of "newtag396" and
257 process the components for addition. In this case the intended tags are:
259 <a+href="foobar.html">foobar</a>
260 <img src="foo.jpg" />
262 The first tag is acceptable. The second will be scrubbed of markup, resulting in the tag "foobar".
263 The third tag is all markup, and will be rejected.
265 =head1 EXAMPLE AJAX JSON response
272 KOHA.Tags.tag_message.scrubbed("foobar"),
273 KOHA.Tags.tag_message.scrubbed_all_bad("1"),