Bug 19035 - Stored XSS in lists.pl

[koha.git] / koha-tmpl / intranet-tmpl / prog / en / modules / patron_lists / lists.tt

[% INCLUDE 'doc-head-open.inc' %]
<title>Koha &rsaquo; Tools &rsaquo; Patron lists</title>
[% INCLUDE 'doc-head-close.inc' %]
[% INCLUDE 'greybox.inc' %]
<link rel="stylesheet" type="text/css" href="[% interface %]/[% theme %]/css/datatables.css" />
[% INCLUDE 'datatables.inc' %]

<script type="text/javascript">
//<![CDATA[
    $(document).ready(function() {
        var patronExportModal = $("#patronExportModal");
        var patronExportModalBody = $("#patronExportModal .modal-body")

        $('#patron-lists-table').dataTable($.extend(true, {}, dataTablesDefaults, {
            "autoWidth": false,
            "aoColumnDefs": [
                { "bSortable": false, "bSearchable": false, 'aTargets': [ 'NoSort' ] }
            ],
            "sPaginationType": "four_button"
        } ));
        $(".delete_patron").on("click", function(){
            $(".dropdown").removeClass("open");
            var list = $(this).data("list-name");
            return confirmDelete( _("Are you sure you want to delete the list %s?").format(list) );
        });

        $(".print_cards").on("click", function(e){
            e.preventDefault();
            var page = $(this).attr("href");
            patronExportModalBody.load(page + " #exportingf");
            patronExportModal.modal("show");
        });

        patronExportModal.on("hidden", function(){
            patronExportModalBody.html("<div id=\"loading\"><img src=\"[% interface %]/[% theme %]/img/spinner-small.gif\" alt=\"\" /> "+_("Loading")+"</div>");
        });

        patronExportModal.on("submit", "#exportingf", function(e){
            e.preventDefault();
            modal_body = patronExportModalBody;
            modal_body.html("<div id=\"loading\"><img src=\"[% interface %]/[% theme %]/img/spinner-small.gif\" alt=\"\" /> "+_("Loading")+"</div>");
            target_url = $(this).attr("action");
            params =  $( this ).serialize();
            modal_body.load( target_url + "?" + params + " #custom-doc");
        });

        patronExportModal.on("click",".closebtn,.gb-close",function(e){
            e.preventDefault();
            patronExportModal.modal("hide");
        });

    });
//]]>
</script>

</head>

<body id="patlist_lists" class="pat patlist">
[% INCLUDE 'header.inc' %]
[% INCLUDE 'cat-search.inc' %]
<div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; <a href="/cgi-bin/koha/tools/tools-home.pl">Tools</a> &rsaquo; Patron lists</div>

<div id="doc3" class="yui-t2">
   <div id="bd">
    <div id="yui-main">
        <div class="yui-b">

        <div id="toolbar" class="btn-toolbar">
            <div class="btn-group">
                <a class="btn btn-default btn-sm" href="add-modify.pl"><i class="fa fa-plus"></i> New patron list</a>
            </div>
        </div>

        <h1>Your patron lists</h1>

        [% IF ( lists ) %]

        <table id="patron-lists-table">
            <thead>
                <tr>
                    <th>Name</th>
                    <th>Patrons in list</th>
                    <th class="NoSort">&nbsp;</th>
                </tr>
            </thead>

            <tbody>
                [% FOREACH l IN lists %]
                    <tr>
                        <td>[% l.name |html %]</td>
                        <td>[% l.patron_list_patrons_rs.count || 0 %]</td>
                        <td>
                            <div class="dropdown">
                                <a class="btn btn-default btn-xs dropdown-toggle" id="listactions[% l.patron_list_id %]" role="button" data-toggle="dropdown" href="#">
                                   Actions <b class="caret"></b>
                                </a>
                                <ul class="dropdown-menu pull-right" role="menu" aria-labelledby="listactions[% l.patron_list_id %]">
                                    <li><a href="/cgi-bin/koha/patron_lists/list.pl?patron_list_id=[% l.patron_list_id %]"><i class="fa fa-user"></i> Add patrons</a></li>
                                    <li><a href="/cgi-bin/koha/patron_lists/add-modify.pl?patron_list_id=[% l.patron_list_id %]"><i class="fa fa-pencil"></i> Edit list</a></li>
                                    <li><a class="delete_patron" href="/cgi-bin/koha/patron_lists/delete.pl?patron_list_id=[% l.patron_list_id %]" data-list-name="[% l.name %]"><i class="fa fa-trash"></i> Delete list</a></li>
                                    [% IF ( l.patron_list_patrons_rs.count ) %]
                                        <li class="divider"></li>
                                        <li>
                                            <a class="print_cards" href="/cgi-bin/koha/patroncards/print.pl?patronlist_id=[% l.patron_list_id %]" data-patron_list_id="[% l.patron_list_id %]"><i class="fa fa-print"></i> Print patron cards</a>
                                        </li>
                                        [% IF CAN_user_tools_edit_patrons %]
                                            <li>
                                                <a href="/cgi-bin/koha/tools/modborrowers.pl?patron_list_id=[% l.patron_list_id %]&op=show">
                                                    <i class="fa fa-pencil"></i> Batch edit patrons
                                                </a>
                                            </li>
                                        [% END %]
                                        [% IF CAN_user_tools_delete_anonymize_patrons %]
                                            <li>
                                                <a href="/cgi-bin/koha/tools/cleanborrowers.pl?step=2&patron_list_id=[% l.patron_list_id %]&checkbox=borrower">
                                                    <i class="fa fa-trash"></i> Batch delete patrons
                                                </a>
                                            </li>
                                        [% END %]
                                    [% END %]
                                </ul>
                            </div>
                        </td>
                    </tr>
                [% END %]
            </tbody>
        </table>

            <!-- Modal to print patron cards -->
            <div class="modal" id="patronExportModal" tabindex="-1" role="dialog" aria-labelledby="patronExportModal_label" aria-hidden="true">
                <div class="modal-dialog">
                <div class="modal-content">
                <div class="modal-header">
                    <button type="button" class="closebtn" data-dismiss="modal" aria-hidden="true">&times;</button>
                    <h3 id="patronExportModal_label">Print patron cards</h3>
                </div>
                <div class="modal-body">
                    <div id="loading"> <img src="[% interface %]/[% theme %]/img/spinner-small.gif" alt="" /> Loading </div>
                </div>
                </div>
                </div>
            </div>

        [% ELSE %]
           <div class="dialog message">There are no patron lists.</div>
        [% END %]

            </div>
        </div>
        <div class="yui-b noprint">
            [% INCLUDE 'tools-menu.inc' %]
        </div>
    </div>
[% INCLUDE 'intranet-bottom.inc' %]