projects / koha.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Bug 19034: XSS Flaws in Z39.50/SRU servers administration
[koha.git] / koha-tmpl / intranet-tmpl / prog / en / modules / admin / z3950servers.tt
1 [% INCLUDE 'doc-head-open.inc' %]
2
3 [% BLOCK ServerType %]
4     [% IF (server.servertype||type) == 'sru' %]
5         SRU
6     [% ELSIF (server.servertype||type) == 'zed' %]
7         Z39.50
8     [% END %]
9 [% END %]
10
11 <title>Koha &rsaquo; Administration &rsaquo; Z39.50/SRU servers
12 [% IF op == 'edit' %] &rsaquo; Modify [% PROCESS ServerType %] server [% server.servername %][% END %]
13 [% IF op ==  'add' %] &rsaquo; New [% PROCESS ServerType %] server[% END %]
14 </title>
15 [% INCLUDE 'doc-head-close.inc' %]
16
17 [% IF op == 'list' %]
18     <link rel="stylesheet" type="text/css" href="[% interface %]/[% theme %]/css/datatables.css" />
19     [% INCLUDE 'datatables.inc' %]
20 [% END %]
21
22 <script type="text/javascript">
23 //<![CDATA[
24 [% IF ( add_form ) %]
25     $(document).ready(function(){
26         // Update selects for syntax, encoding and recordtype
27         [% IF server %]
28             $("#syntax").val('[% server.syntax %]');
29             $("#encoding").val('[% server.encoding %]');
30             $("#recordtype").val('[% server.recordtype %]');
31         [% END %]
32         // Disable recordtype (and default to bib) for non-Z3950 servers until auth is supported
33         [% UNLESS (server.servertype||type) == 'zed' %]
34             $("#recordtype").prop('disabled',true);
35         [% END %]
36         $( "#serverentry" ).validate({
37             rules: {
38                 servername: { required: true },
39                 host: { required: true },
40                 port: {
41                     required: true,
42                     number: true
43                 },
44                 db: { required: true },
45                 rank: { number: true },
46                 timeout: { number: true }
47             }
48         });
49         $("#serverentry").submit(function( event ) {
50             // first test if show_sru_fields exists
51             if( $('#show_sru_fields').length && $('#show_sru_fields').val()=='' && !confirm( _("No SRU search field mappings have been defined. This means that all field searches will go through the whole record. Continue?"))) {
52                 return false;
53             }
54             // copy show_sru_fields to hidden counterpart
55             $('#sru_fields').val( $('#show_sru_fields').val() );
56             // enable recordtype to include field in post
57             $('#recordtype').prop('disabled',false);
58         });
59         $("#servername").on("blur",function(){
60             toUC(this);
61         });
62         $("#modify_sru_fields").on("click",function(){
63             ModMapping();
64         });
65     });
66     function ModMapping () {
67         var map= $('#show_sru_fields').val();
68         window.open('/cgi-bin/koha/admin/sru_modmapping.pl?mapping='+map,'popup','width=800,height=400,resizable=yes,toolbar=false,scrollbars=yes,top');
69     }
70 [% ELSE %]
71     $(document).ready(function() {
72         $("#serverst").dataTable($.extend(true, {}, dataTablesDefaults, {
73             "aoColumnDefs": [
74                 { "aTargets": [2,3,4,7,8,9,10,11], "bSortable": false, "bSearchable": false },
75             ],
76             "sPaginationType": "four_button"
77         }));
78         $(".delete").on("click",function(e){
79             var servername = $(this).data("servername");
80             if( confirm( _("Are you sure you want to delete server %s?").format(servername) ) ) {
81                 return true;
82             } else {
83                 e.preventDefault();
84             }
85         });
86     });
87 [% END %]
88 //]]>
89 </script>
90
91 </head>
92 <body id="admin_z3950servers" class="admin">
93 [% INCLUDE 'header.inc' %]
94 [% INCLUDE 'z3950-admin-search.inc' %]
95
96 <div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; <a href="/cgi-bin/koha/admin/admin-home.pl">Administration</a> &rsaquo;
97 <a href="/cgi-bin/koha/admin/z3950servers.pl">Z39.50/SRU servers</a>
98 [% IF op == 'edit' %]&rsaquo; Modify [% PROCESS ServerType %] server [% server.servername %][% END %]
99 [% IF op ==  'add' %]&rsaquo; New [% PROCESS ServerType %] server[% END %]
100 </div>
101
102 <div id="doc3" class="yui-t2">
103 <div id="bd">
104 <div id="yui-main">
105 <div class="yui-b">
106
107 [% IF msg_deleted %]
108     <div class="dialog alert">Z39.50/SRU server deleted ([% msg_add %])</div>
109 [% ELSIF msg_updated %]
110     <div class="dialog message">Z39.50/SRU server updated ([% msg_add %])</div>
111 [% ELSIF msg_added %]
112     <div class="dialog message">Z39.50/SRU server added ([% msg_add %])</div>
113 [% ELSIF msg_notfound %]
114     <div class="dialog alert">Error: Server with id [% msg_add %] not found</div>
115 [% END %]
116
117 [% IF ( add_form ) %]
118     <form action="[% script_name %]" name="Aform" method="post" id="serverentry">
119         <input type="hidden" name="op" value="add_validated" />
120         <input type="hidden" name="servertype" value="[% server.servertype||type||'zed' %]"/>
121         [% IF op == 'edit' %]
122             <h1>Modify [% PROCESS ServerType %] server</h1>
123             <input type="hidden" name="id" value="[% server.id %]" />
124         [% ELSE %]
125             <h1>New [% PROCESS ServerType %] server</h1>
126         [% END %]
127         <fieldset class="rows">
128         <ol>
129         <li><label for="name">Server name: </label>
130             <input type="text" name="servername" id="servername" size="65" maxlength="100" value="[% server.servername | html %]"/>
131         </li>
132
133         <li><label for="host" class="required">Hostname: </label> <input type="text" name="host" id="host" size="30" value="[% server.host %]" required="required" /> <span class="required">Required</span>
134             [% IF (server.servertype||type) == 'sru' %]
135                 <div class="hint">Includes the domain part, but the path part of the URL should go into Database.</div>
136             [% END %]
137         </li>
138         <li><label for="port" class="required">Port: </label> <input type="text" name="port" id="port" size="5" value="[% server.port %]" required="required" /> <span class="required">Required</span>
139         </li>
140         <li><label for="db" class="required">Database: </label> <input type="text" name="db" id="db" value="[% server.db %]" required="required" /> <span class="required">Required</span>
141         </li>
142         <li><label for="userid">Userid: </label> <input type="text" name="userid" id="userid" value="[% server.userid %]" />
143         </li>
144         <li><label for="password">Password: </label> <input type="text" name="password" id="password" value="[% server.password %]" />
145         </li>
146         <li><label for="checked">Preselected (searched by default): </label>
147         [% IF ( server.checked ) %]
148             <input type="checkbox" name="checked" id="checked" value="1" checked="checked" />
149         [% ELSE %]
150             <input type="checkbox" name="checked" id="checked" value="1" />
151         [% END %]
152         </li>
153         <li><label for="rank">Rank (display order): </label> <input type="text" name="rank" id="rank" size="4" value="[% server.rank %]" />
154         </li>
155
156         <li><label for="syntax">Syntax (z3950 can send<br /> records in various format. Choose one): </label>
157         <select name="syntax" id="syntax">
158             <option value="UNIMARC">UNIMARC</option>
159             <option value="INTERMARC">INTERMARC</option>
160             <option value="CCF">CCF</option>
161             <option value="USMARC">MARC21/USMARC</option>
162             <option value="UKMARC">UKMARC</option>
163             <option value="NORMARC">NORMARC</option>
164             <option value="LIBRISMARC">LIBRISMARC</option>
165             <option value="DANMARC">DANMARC</option>
166             <option value="FINMARC">FINMARC</option>
167             <option value="CANMARC">CANMARC</option>
168             <option value="SBN">SBN</option>
169             <option value="PICAMARC">PICAMARC</option>
170             <option value="AUSMARC">AUSMARC</option>
171             <option value="IBERMARC">IBERMARC</option>
172             <option value="CATMARC">CATMARC</option>
173             <option value="MALMARC">MALMARC</option>
174         </select>
175         </li>
176
177         <li><label for="encoding">Encoding (z3950 can send<br /> records in various encodings. Choose one): </label>
178         <select name="encoding" id="encoding">
179             [% FOREACH enc IN [ 'utf8' 'EUC-KR' 'ISO_5426' 'ISO_6937' 'ISO_8859-1' 'MARC-8' ] %]
180                 <option value="[% enc %]">[% enc %]</option>
181             [% END %]
182         </select>
183         </li>
184
185         <li><label for="timeout">Timeout (0 its like not set): </label>
186         <input type="text" name="timeout" id="timeout" size="4" value="[% server.timeout %]" /> seconds
187         </li>
188         <li><label for="recordtype">Record type: </label>
189         <select name="recordtype" id="recordtype">
190             <option value="biblio">Bibliographic</option>
191             <option value="authority">Authority</option>
192         </select>
193         </li>
194         [% IF (server.servertype||type) == 'sru' %]
195         <li>
196         <label for="sru_options">Additional SRU options: </label>
197         <input type="text" name="sru_options" id="sru_options" size="50" value="[% server.sru_options %]"/>
198         <div class="hint">Separate options by commas. Example: sru=get,sru_version=1.1. See also http://www.indexdata.com/yaz/doc/zoom.html.</div>
199         </li>
200         <li>
201         <label for="sru_fields">SRU Search fields mapping: </label>
202         <input type="hidden" name="sru_fields" id="sru_fields" value="[% server.sru_fields %]" />
203             <input type="text" name="show_sru_fields" id="show_sru_fields" size="100" value="[% server.sru_fields %]" disabled="disabled" /> <input type="button" id="modify_sru_fields" value="Modify" />
204         </li>
205         [% END %]
206         <li>
207         <label for="add_xslt">XSLT File(s) for transforming results: </label>
208         <input type="text" name="add_xslt" id="add_xslt" size="100" value="[% server.add_xslt %]"/>
209         <div class="hint">Separate multiple filenames by commas.</span>
210         </li>
211
212         </ol>
213         </fieldset>
214
215         <fieldset class="action"><input type="submit" value="Save" /> <a class="cancel" href="/cgi-bin/koha/admin/z3950servers.pl">Cancel</a></fieldset>
216     </form>
217 [% END %]
218
219 [% IF op == 'list' %]
220     <div id="toolbar" class="btn-toolbar">
221         <a id="newserver" class="btn btn-default btn-sm" href="/cgi-bin/koha/admin/z3950servers.pl?op=add&type=zed"><i class="fa fa-plus"></i> New Z39.50 server</a>
222         <a id="newserver" class="btn btn-default btn-sm" href="/cgi-bin/koha/admin/z3950servers.pl?op=add&type=sru"><i class="fa fa-plus"></i> New SRU server</a>
223     </div>
224     <h3>Z39.50/SRU servers administration</h3>
225     [% IF id %]
226         You searched for record [% id %]
227     [% ELSIF searchfield %]
228         You searched for [% searchfield |html %]
229     [% END %]
230     <table id="serverst">
231         <thead><tr><th>Target</th><th>Hostname/Port</th><th>Database</th><th>Userid</th><th>Password</th><th>Preselected</th><th>Rank</th><th>Syntax</th><th>Encoding</th><th>Timeout</th><th>Record type</th><th></th>
232         </tr></thead>
233         <tbody>
234         [% FOREACH loo IN loop %]
235             <tr>
236             <td><a href="/cgi-bin/koha/admin/z3950servers.pl?op=edit&amp;id=[% loo.id %]">[% loo.servername %]</a></td><td>[% loo.host %]:[% loo.port %]</td><td>[% loo.db %]</td><td>[% loo.userid %]</td><td>[% IF loo.password %]########[% END %]</td><td>[% IF ( loo.checked ) %]Yes[% ELSE %]No[% END %]</td><td>[% loo.rank %]</td>
237             <td>[% loo.syntax %]</td><td>[% loo.encoding %]</td><td>[% loo.timeout %]</td>
238             <td>[% IF ( loo.recordtype == 'biblio' )  %]
239                 <span>Bibliographic</span>
240                 [% ELSIF ( loo.recordtype == 'authority' ) %]
241                 <span>Authority</span>
242                 [% END %]
243             </td>
244             <td>
245                 <div class="dropdown">
246                     <a class="btn btn-default btn-xs dropdown-toggle" id="reportactions[% savedreport.id %]" role="button" data-toggle="dropdown" href="#">
247                         Actions <b class="caret"></b>
248                     </a>
249                     <ul class="dropdown-menu pull-right" role="menu" aria-labelledby="reportactions[% savedreport.id %]">
250                         <li><a href="/cgi-bin/koha/admin/z3950servers.pl?op=edit&amp;id=[% loo.id %]"><i class="fa fa-pencil"></i> Edit</a></li>
251                         <li><a href="/cgi-bin/koha/admin/z3950servers.pl?op=add&amp;id=[% loo.id %]"><i class="fa fa-copy"></i> Copy</a></li>
252                         <li><a href="/cgi-bin/koha/admin/z3950servers.pl?op=delete_confirmed&amp;id=[% loo.id %]" class="delete" data-servername="[% loo.servername %]"><i class="fa fa-trash"></i> Delete</a></li>
253                     </ul>
254                 </div>
255             </td>
256             </tr>
257         [% END %]
258         </tbody>
259     </table>
260 [% END %]
261
262 </div>
263 </div>
264 <div class="yui-b">
265 [% INCLUDE 'admin-menu.inc' %]
266 </div>
267 </div>
268 [% INCLUDE 'intranet-bottom.inc' %]
Main Koha release repository