Bug 14423: Multiple XSS bugs in suggestion.pl

[koha.git] / koha-tmpl / intranet-tmpl / prog / en / modules / suggestion / suggestion.tt

[% USE Branches %]
[% USE AuthorisedValues %]
[% USE KohaDates %]
[% USE Price %]
[% INCLUDE 'doc-head-open.inc' %]
<title>Koha &rsaquo; Acquisitions  &rsaquo;
    [% IF ( op_save ) %]
        [% IF ( suggestionid ) %]
            Suggestions &rsaquo;  Edit suggestion #[% suggestionid %]
        [% ELSE %]
            Suggestions &rsaquo; Add suggestion
        [% END %]
    [% ELSIF ( op == 'show' ) %]
           Suggestions &rsaquo; Show suggestion #[% suggestionid %]
    [% ELSE %]
        Suggestions management
    [% END %]
</title>
[% INCLUDE 'doc-head-close.inc' %]
[% INCLUDE 'calendar.inc' %]
[% IF ( op == 'show' ) %]
<script type="text/javascript">
    // <![CDATA[
    $(document).ready(function(){
        $("#deletesuggestion").on("click",function(){
            return confirm(_("Are you sure you want to delete this suggestion?"));
        });
    });
    // ]]>
</script>
[% END %]
[% IF ( op_else ) %]
<link rel="stylesheet" type="text/css" href="[% themelang %]/css/datatables.css" />
[% INCLUDE 'datatables.inc' %]
<script type="text/javascript" src="[% interface %]/lib/jquery/plugins/jquery.checkboxes.min.js"></script>
<script type="text/javascript">
// <![CDATA[
/**
*  displayOther.
*  This function display the select or an textaera to write a reason.
*/
function displayOther(id,show,hide){
        $("#"+hide+id).hide();
        $("#"+show+id).show();
}
$(document).ready(function() {
    $('#suggestiontabs').tabs({
        // Correct table sizing for tables hidden in tabs
        // http://www.datatables.net/examples/api/tabs_and_scrolling.html
        "activate": function(event, ui) {
            $( $.fn.dataTable.tables( true ) ).DataTable().columns.adjust();
        }
    });
    $(".sorted").dataTable($.extend(true, {}, dataTablesDefaults, {
        "aoColumnDefs": [
            { "aTargets": [ 0 ], "bSortable": false, "bSearchable": false },
            { "sType": "anti-the", "aTargets" : [ "anti-the" ] }
        ],
        "sPaginationType": "four_button"
    }));
[% FOREACH suggestion IN suggestions %]
// functions for [% suggestion.suggestiontype %] interactions
    $("#CheckAll[% suggestion.suggestiontype %]").click(function(e){
                $("#[% suggestion.suggestiontype %]t").checkCheckboxes();
        e.preventDefault();
    });
    $("#UncheckAll[% suggestion.suggestiontype %]").click(function(e){
                $("#[% suggestion.suggestiontype %]t").unCheckCheckboxes();
        e.preventDefault();
        });
        $("#other_reason[% suggestion.suggestiontype %]").hide();
    $("#reason[% suggestion.suggestiontype %]").change(function(){
            if($(this).val() == "other"){
                        $(this).hide();
                        $("#other_reason[% suggestion.suggestiontype %]").show();
    }
    });
        $("#[% suggestion.suggestiontype %]delete").change(function(){
                if(this.checked){
                        $("form[name='f[% suggestion.suggestiontype %]'] input[name=op]").attr("value","delete");
                } else {
                        $("form[name='f[% suggestion.suggestiontype %]'] input[name=op]").attr("value","change");
                }
        });

[% END %]
    $("a[href*=back]").click(function(){
    var sid = $(this).attr("href").replace(/#back/,"");
            $("#reason"+sid).show().find("option[value='']").attr("selected","selected");
                $("#other_reason"+sid).hide();
    });
    $("h4.local_collapse a").click(function(){
        $(this).parent().parent().find("ol").toggle();
        return false;
    });
    // http://jqueryui.com/demos/datepicker/#date-range
    var dates = $( "#suggesteddate_from, #suggesteddate_to" ).datepicker({
        changeMonth: true,
        numberOfMonths: 1,
        onSelect: function( selectedDate ) {
            var option = this.id == "suggesteddate_from" ? "minDate" : "maxDate",
                instance = $( this ).data( "datepicker" );
                date = $.datepicker.parseDate(
                    instance.settings.dateFormat ||
                    $.datepicker._defaults.dateFormat,
                    selectedDate, instance.settings );
            dates.not( this ).datepicker( "option", option, date );
        }
    });
    var datesMD = $( "#manageddate_from, #manageddate_to" ).datepicker({
        changeMonth: true,
        numberOfMonths: 1,
        onSelect: function( selectedDate ) {
            var option = this.id == "manageddate_from" ? "minDate" : "maxDate",
                instance = $( this ).data( "datepicker" );
                date = $.datepicker.parseDate(
                    instance.settings.dateFormat ||
                    $.datepicker._defaults.dateFormat,
                    selectedDate, instance.settings );
            datesMD.not( this ).datepicker( "option", option, date );
        }
    });
    var datesAD = $( "#accepteddate_from, #accepteddate_to" ).datepicker({
        changeMonth: true,
        numberOfMonths: 1,
        onSelect: function( selectedDate ) {
            var option = this.id == "accepteddate_from" ? "minDate" : "maxDate",
                instance = $( this ).data( "datepicker" );
                date = $.datepicker.parseDate(
                    instance.settings.dateFormat ||
                    $.datepicker._defaults.dateFormat,
                    selectedDate, instance.settings );
            datesAD.not( this ).datepicker( "option", option, date );
        }
    });

    $("form.update_suggestions").on("submit", function(e){
        var form = this;
        var action_delete_selected = $(this).find("input[value='delete']").is(":checked");
        if ( action_delete_selected ) {
            var suggestions_to_delete = $(this).find("input[name='edit_field']:checked");
            if ( suggestions_to_delete.length == 0 ) {
                alert(_("Please select at least one suggestion to delete"));
                e.preventDefault();
                return false;
            } else if ( suggestions_to_delete.length == 1 ) {
                if ( ! confirm(_("Are you sure you want to delete this suggestion?")) ) {
                    e.preventDefault();
                    return false;
                }
            } else if ( suggestions_to_delete.length > 1 ) {
                if ( ! confirm(_("Are you sure you want to delete these suggestions?")) ) {
                    e.preventDefault();
                    return false;
                }
            }
        }
        return true;
    });
});
// ]]>
</script>
<style type="text/css">
h4.local_collapse a { font-size : 80%; text-decoration: none; } fieldset.brief ol { display : none; }
.overlay { top: 180px; left: 50%; position: absolute; margin-left: -100px; width: 200px; text-align: center; display: none; margin-top: -10px; background: #eeffd4; padding: .5em; color: #000; } .note { -moz-border-radius: 3px; border-radius:3px; background: transparent url("[% interface %]/[% theme %]/img/famfamfam/silk/comment.png") top left no-repeat; padding : 1px 3px 1px 18px; font-size : 90%; }
</style>[% END %]
[% IF ( op_save )  %]
    <script type="text/javascript">
        // <![CDATA[
        $(document).ready(function() { calcNewsuggTotal(); });
        // ]]>
    </script>
[% END %]
<script type="text/javascript" src="[% themelang %]/js/acq.js"></script>
</head>
<body id="acq_suggestion" class="acq">
[% INCLUDE 'header.inc' %]
[% INCLUDE 'cat-search.inc' %]
<div id="breadcrumbs">
    <a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; <a href="/cgi-bin/koha/acqui/acqui-home.pl">Acquisitions</a> &rsaquo;
    [% IF ( op_save ) %]
        [% IF ( suggestionid ) %]
            <a href="/cgi-bin/koha/suggestion/suggestion.pl">Suggestions</a> &rsaquo;  Edit suggestion #[% suggestionid %]
        [% ELSE %]
            <a href="/cgi-bin/koha/suggestion/suggestion.pl">Suggestions</a> &rsaquo; Add suggestion
        [% END %]
    [% ELSIF ( op == 'show' ) %]
           <a href="/cgi-bin/koha/suggestion/suggestion.pl">Suggestions</a> &rsaquo; Show suggestion #[% suggestionid %]
    [% ELSE %]
        Suggestions management
    [% END %]
</div>

[% IF ( op == 'show' ) %]
<div id="doc" class="yui-t7"> <!-- <div id="doc3" class="yui-t2"> -->
<div id="bd">
    <div id="yui-main">
    <div class="yui-b">

    <div id="toolbar" class="btn-toolbar">
        <a class="btn btn-small" id="editsuggestion" href="suggestion.pl?op=edit&amp;suggestionid=[% suggestionid %]"><i class="icon-pencil"></i> Edit</a>
        <a class="btn btn-small" id="deletesuggestion" href="suggestion.pl?op=delete&amp;edit_field=[% suggestionid %]"><i class="icon-remove"></i> Delete</a>
    </div>

    <fieldset class="rows">
      <legend>Bibliographic information</legend>
      <ol>
        <li><span class="label">Title:</span>[% title |html %]</li>
        <li><span class="label">Author:</span>[% author |html %]</li>
        <li><span class="label">Copyright date:</span>[% copyrightdate |html %]</li>
        <li><span class="label">ISBN or ISSN or other standard number:</span>[% isbn |html %]</li>
        <li><span class="label">Publisher:</span>[% publishercode |html %]</li>
        <li><span class="label">Publication place:</span>[% place |html %]</li>
        <li><span class="label">Collection title:</span>[% collectiontitle |html %]</li>
        <li><span class="label">Document type:</span>
            [% FOREACH itemtypeloo IN itemtypeloop %]
                [% IF ( itemtypeloo.selected ) %][% itemtypeloo.description %][% END %]
            [% END %]
        </li>
        [% IF ( patron_reason_loop ) %]
          <li><span class="label">Reason for suggestion: </span>
            [% FOREACH patron_reason_loo IN patron_reason_loop %]
              [% IF ( patron_reason_loo.selected ) %][% patron_reason_loo.lib %][% END %]
            [% END %]
          </li>
        [% END %]
        <li><span class="label">Notes:</span>[% note |html %]</li>
      </ol>
    </fieldset>
    <fieldset class="rows"> <legend>Suggestion management</legend>
      <ol>
        <li>
          <span class="label">Status:</span>
          [% SET status_found = 0 %]
          [% IF ( STATUS == 'ASKED' ) %]
              Pending
              [% SET status_found = 1 %]
          [% ELSIF ( STATUS == 'ACCEPTED' ) %]
              Accepted
              [% SET status_found = 1 %]
          [% ELSIF ( STATUS == 'CHECKED' ) %]
              Checked
              [% SET status_found = 1 %]
          [% ELSIF ( STATUS == 'REJECTED' ) %]
              Rejected
              [% SET status_found = 1 %]
          [% ELSE %]
              [% FOREACH s IN SuggestionStatuses %]
                  [% IF STATUS == s.authorised_value %]
                      [% s.lib %]
                      [% SET status_found = 1 %]
                  [% END %]
              [% END %]
          [% END %]

        </li>
        <li>
          <table>
            <thead><tr><th>&nbsp;</th><th>Date</th><th>By</th></tr></thead>
            <tbody>
            <tr>
                <th><span class="label">Suggestion creation</span> </th>
                <td>[% suggesteddate | $KohaDates %]</td>
                <td>[% IF ( suggestedby_borrowernumber ) %]<a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% suggestedby_borrowernumber %]">[% suggestedby_surname %], [% suggestedby_firstname %]</a>  [% Branches.GetName( suggestedby_branchcode ) %] ([% suggestedby_description %])[% END %]
                </td>
            </tr>
            <tr>
                <th><span class="label">Suggestion management</span> </th>
                <td>[% manageddate | $KohaDates %]</td>
                <td>[% IF ( managedby_borrowernumber ) %]<a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% managedby_borrowernumber %]">[% managedby_surname %], [% managedby_firstname %]</a> [% Branches.GetName( managedby_branchcode ) %] ([% managedby_description %])[% END %]</td>
            </tr>
            <tr>
                <th><span class="label">Suggestion accepted</span> </th>
                <td>[% accepteddate | $KohaDates %]</td>
                <td>[% IF ( acceptedby_borrowernumber ) %]<a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% acceptedby_borrowernumber %]">[% acceptedby_surname %], [% acceptedby_firstname %]</a> [% Branches.GetName( acceptedby_branchcode ) %] ([% acceptedby_description %])[% END %]</td>
            </tr>
            </tbody>
        </table></li></ol>
    </fieldset>
    <fieldset class="rows"> <legend>Acquisition information</legend>
      <ol>
        <li>
          <span class="label">Library:</span> [% branchname %]
        </li>
        <li>
          <span class="label">Fund:</span> [% budgetname %]
        </li>
        <li>
          <span class="label">Copies:</span>[% quantity %]
        </li>
        <li>
          <span class="label">Currency:</span>[% currency %]
        </li>
        <li>
          <span class="label">Price:</span>[% price | $Price %]
        </li>
        <li>
          <span class="label">Total</span>[% total | $Price %]
        </li>
      </ol>
    </fieldset>

    <fieldset class="action">
        <a href="suggestion.pl">&lt;&lt; Back to suggestions</a>
    </fieldset>

    </div>
    </div>
</div>
[% ELSE %]

[% IF ( op_save ) %]<div id="doc" class="yui-t7">[% ELSE %]<div id="doc3" class="yui-t2">[% END %]
<div id="bd">
    <div id="yui-main">
    <div class="yui-b">
[% IF ( op_save ) %]
    <form id="add_edit" action="suggestion.pl" method="post" class="validated">
    <input type="hidden" name="redirect" id="redirect" value="[% redirect %]" />
    <input type="hidden" name="borrowernumber" id="borrowernumber" value="[% borrowernumber %]" />
    [% IF ( suggestionid ) %]
        <h1>Edit purchase suggestion #[% suggestionid %]</h1>
        <input type="hidden" name="suggestionid" value="[% suggestionid %]"/>
    [% ELSE %]
        <h1>Enter a new purchase suggestion</h1>
    [% END %]
    <fieldset class="rows"> <legend>Bibliographic information</legend><ol>
        <li>
            <label for="title" class="required">Title:</label>
            <input type="text" id="title" name="title" size="80" maxlength="255" value="[% title |html %]" required="required" class="required" />
            <span class="required">Required</span>
        </li>
        <li><label for="author">Author:</label><input type="text" id="author" name="author" size="50" maxlength="80" value="[% author | html %]"/></li>
        <li><label for="copyrightdate">Copyright date:</label><input type="text" id="copyrightdate" name="copyrightdate" size="4" maxlength="4" value="[% copyrightdate | html %]" /></li>
        <li><label for="isbn">ISBN or ISSN or other standard number:</label><input type="text" id="isbn" name="isbn" size="50" maxlength="80" value="[% isbn | html %]"/></li>
        <li><label for="publishercode">Publisher:</label><input type="text" id="publishercode" name="publishercode" size="50" maxlength="80" value="[% publishercode | html %]"/></li>
        <li><label for="place">Publication place:</label><input type="text" id="place" name="place" size="50" maxlength="80" value="[% place | html %]"/></li>
        <li><label for="collectiontitle">Collection title:</label><input type="text" id="collectiontitle" name="collectiontitle" size="50" maxlength="80" value="[% collectiontitle | html %]"/></li>
        <li><label for="itemtype">Document type:</label>
            <select id="itemtype" name="itemtype" >
            [% FOREACH itemtypeloo IN itemtypeloop %]
                [% IF ( itemtypeloo.selected ) %]<option selected="selected" value="[% itemtypeloo.itemtype %]">[% ELSE %]<option value="[% itemtypeloo.itemtype %]">[% END %]
                [% itemtypeloo.description %]</option>
            [% END %]
            </select>
        </li>
        [% IF ( patron_reason_loop ) %]<li><label for="patronreason">Reason for suggestion: </label><select name="patronreason" id="patronreason"><option value=""> -- Choose -- </option>[% FOREACH patron_reason_loo IN patron_reason_loop %]
                [% IF ( patron_reason_loo.selected ) %]<option value="[% patron_reason_loo.authorised_value %]" selected="selected">[% patron_reason_loo.lib %]</option>[% ELSE %]<option value="[% patron_reason_loo.authorised_value %]">[% patron_reason_loo.lib %]</option>[% END %]
           [% END %]</select></li>[% END %]
        <li><label for="note">Notes:</label><textarea name="note" id="note" rows="5" cols="40">[% note %]</textarea></li>
        </ol>
    </fieldset>
    <fieldset class="rows"> <legend>Suggestion management</legend>
       <ol>
            [% IF ( suggestionid ) %]
                <li>
                    <label for="STATUS">Status:</label>
                    <select id="STATUS" name="STATUS">
                        <option value="">No Status</option>

                        [% IF (statusselected_ASKED ) %]
                            <option value="ASKED" selected="selected">Pending</option>
                        [% ELSE %]
                            <option value="ASKED">Pending</option>
                        [% END %]

                        [% IF (statusselected_ACCEPTED ) %]
                            <option value="ACCEPTED" selected="selected">Accepted</option>
                        [% ELSE %]
                            <option value="ACCEPTED">Accepted</option>
                        [% END %]

                        [% IF (statusselected_CHECKED ) %]
                            <option value="CHECKED" selected="selected">Checked</option>
                        [% ELSE %]
                            <option value="CHECKED">Checked</option>
                        [% END %]

                        [% IF ( statusselected_REJECTED ) %]
                            <option value="REJECTED" selected="selected">Rejected</option>
                        [% ELSE %]
                            <option value="REJECTED">Rejected</option>
                        [% END %]

                        [% FOREACH s IN SuggestionStatuses %]
                            [% IF s.authorised_value == selected_status %]
                                <option value="[% s.authorised_value %]" selected="selected">[% s.lib %]</option>
                            [% ELSE %]
                                <option value="[% s.authorised_value %]">[% s.lib %]</option>
                            [% END %]
                        [% END %]
                    </select>
                </li>
            [% END %]
        <li><table>
            <thead><tr><th>&nbsp;</th><th>Date</th><th>By</th></tr></thead>
            <tbody>
            <tr>
                <th><label for="suggesteddate">Suggestion creation</label> </th>
                <td><input type="text" id="suggesteddate" name="suggesteddate" size="10" maxlength="10" value="[% suggesteddate | $KohaDates %]"/></td>
                <td><input type="hidden" id="suggestedby" name="suggestedby" value="[% suggestedby %]"/>[% IF ( suggestedby_borrowernumber ) %]<a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% suggestedby_borrowernumber %]">[% suggestedby_surname %], [% suggestedby_firstname %]</a>  [% Branches.GetName( suggestedby_branchcode ) %] ([% suggestedby_description %])[% END %]
                </td>
            </tr>
            <tr>
                <th><label for="managedon">Suggestion management</label> </th>
                <td><input type="text" id="managedon" name="manageddate" size="10" maxlength="10" value="[% manageddate | $KohaDates %]" /></td>
                <td><input type="hidden" id="managedby" name="managedby" value="[% managedby %]"/>[% IF ( managedby_borrowernumber ) %]<a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% managedby_borrowernumber %]">[% managedby_surname %], [% managedby_firstname %]</a> [% Branches.GetName( managedby_branchcode ) %] ([% managedby_description %])[% END %]</td>
            </tr>
            <tr>
                <th><label for="accepteddate">Suggestion accepted</label> </th>
                <td><input type="text" id="accepteddate" name="accepteddate" size="10" maxlength="10" value="[% accepteddate | $KohaDates %]" /></td>
                <td><input type="hidden" id="acceptedby" name="acceptedby" value="[% acceptedby %]"/>[% IF ( acceptedby_borrowernumber ) %]<a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% acceptedby_borrowernumber %]">[% acceptedby_surname %], [% acceptedby_firstname %]</a> [% Branches.GetName( acceptedby_branchcode ) %] ([% acceptedby_description %])[% END %]</td>
            </tr>
            </tbody>
        </table></li></ol>
    </fieldset>
    <fieldset class="rows"> <legend>Acquisition information</legend><ol>
        <li><label for="branchcode">Library:</label>
            <select name="branchcode" id="branchcode">
                <option value="">Any</option>[% FOREACH branchloo IN branchloop %]
                [% IF ( branchloo.selected ) %]<option value="[% branchloo.value %]" selected="selected">[% branchloo.branchname %]</option>[% ELSE %]<option value="[% branchloo.value %]">[% branchloo.branchname %]</option>[% END %][% END %]
            </select>
        </li>
        <li><label for="budgetid">Fund:</label>
            <select name="budgetid" id="budgetid">
                <option value="">Any</option>[% FOREACH budgetsloo IN budgetsloop %]
                [% IF ( budgetsloo.selected ) %]<option value="[% budgetsloo.budget_id %]" selected="selected">[% budgetsloo.budget_name %]</option>[% ELSE %]<option value="[% budgetsloo.budget_id %]">[% budgetsloo.budget_name %]</option>[% END %][% END %]
            </select>
                </li><li><label for="quantity">Copies:</label>
                        <input type="text" size="10" id="quantity" name="quantity" value="[% quantity %]" onchange="calcNewsuggTotal();" />
                </li><li><label for="currency">Currency:</label>
                        [% FOREACH loop_currenc IN loop_currency %]
                    <input type="hidden" value="[% loop_currenc.rate %]" id="currency_rate_[% loop_currenc.currcode %]" name="currency_rate_[% loop_currenc.currcode %]" />
                            <input type="hidden" id="[% loop_currenc.currcode %]" name="[% loop_currenc.currcode %]" value="[% loop_currenc.rate %]" />
                        [% END %]
            <select name="currency" id="currency" onchange="calcNewsuggTotal();">
                [% FOREACH loop_currenc IN loop_currency %]
                [% IF ( loop_currenc.selected ) %]<option value="[% loop_currenc.currcode %]" selected="selected">[% loop_currenc.currcode %]</option>[% ELSE %]<option value="[% loop_currenc.currcode %]">[% loop_currenc.currcode %]</option>[% END %][% END %]
            </select>
                </li><li><label for="price">Price:</label>
                        <input type="text" size="20" name="price" id="price" value="[% price %]" onchange="calcNewsuggTotal();" />
                </li><li><label for="total">Total: </label>
                        <input type="text" readonly="readonly" id="total" name="total" size="10" value="[% total %]"/>
                </li></ol>
    </fieldset><input type="hidden" id="returnsuggested" name="returnsuggested" value="[% IF ( returnsuggestedby ) %][% returnsuggestedby %][% ELSE %]noone[% END %]"/>
    <fieldset class="action"><input type="hidden" name="op" value="[% op %]" />[% IF ( suggestionid ) %]<input type="submit" value="Save" /> <a class="cancel" href="[% IF ( returnsuggestedby ) %]/cgi-bin/koha/members/moremember.pl?borrowernumber=[% returnsuggestedby %]#suggestions[% ELSE %]suggestion.pl[% END %]">Cancel</a>[% ELSE %]<input type="submit" value="Submit your suggestion" /> <a class="cancel" href="suggestion.pl">Cancel</a>[% END %]
    </fieldset>
    </form>
[% END %]

[% IF ( op_else ) %]
<div id="toolbar" class="btn-toolbar">
    <a class="btn btn-small" id="newsuggestion" href="suggestion.pl?op=add"><i class="icon-plus"></i> New purchase suggestion</a>
</div>

<h1>Suggestions management</h1>


[% FOR m IN messages %]
    <div class="dialog [% m.type %]">
        [% SWITCH m.code %]
        [% CASE 'already_exists' %]
            The suggestion has not been added. A suggestion with this title already exists (<a href='/cgi-bin/koha/suggestion/suggestion.pl?suggestionid=[% m.id %]&op=show'>suggestion #[% m.id %]</a>)
        [% CASE %]
            [% m.code %]
        [% END %]
    </div>
[% END %]

[% UNLESS ( notabs ) %]
    <div id="suggestiontabs" class="toptabs">
    <ul class="ui-tabs-nav">
        [% FOREACH suggestion IN suggestions %]
                <li>
            <a href="#[% suggestion.suggestiontype %]">
            [% IF ( suggestion.suggestiontypelabel ) %]
                [% IF (suggestion.suggestiontypelabel == "Pending") %]Pending
                [% ELSIF (suggestion.suggestiontypelabel == "Accepted") %]Accepted
                [% ELSIF (suggestion.suggestiontypelabel == "Checked") %]Checked
                [% ELSIF (suggestion.suggestiontypelabel == "Rejected") %]Rejected
                [% ELSIF (suggestion.suggestiontypelabel == "Available") %]Available
                [% ELSIF (suggestion.suggestiontypelabel == "Ordered") %]Ordered
                [% ELSE %][% suggestion.suggestiontypelabel %][% END %]
            [% ELSE %]
                [% IF ( suggestion.suggestiontype ) %]
                    [% AuthorisedValues.GetByCode( 'SUGGEST_STATUS', suggestion.suggestiontype ) %]
                [% ELSE %]
                    No name
                [% END %]
            [% END %]
            ([% suggestion.suggestions_loop.size %])</a></li>

        [% END %]
    </ul>
[% END %]

[% FOREACH suggestion IN suggestions %]
<div id="[% suggestion.suggestiontype %]">
<form class="update_suggestions" name="f[% suggestion.suggestiontype %]" method="post" action="/cgi-bin/koha/suggestion/suggestion.pl#[% suggestion.suggestiontype %]">

[% IF ( suggestion.suggestions_loop ) %]
<p><a id="CheckAll[% suggestion.suggestiontype %]" href="#">Check all</a> | <a id="UncheckAll[% suggestion.suggestiontype %]" href="#">Uncheck all</a></p>
    <table id="[% suggestion.suggestiontype %]t" class="sorted">
        <thead>
            <tr><th>&nbsp;</th>
            <th>No.</th>
            <th class="anti-the">Suggestion</th>
            <th>Suggested by - on</th>
            <th>Managed by - on</th>
            <th>Library</th>
            <th>Fund</th>
            <th>Status</th></tr>
    </thead>
        <tbody>
            [% FOREACH suggestions_loo IN suggestion.suggestions_loop %]
            [% IF ( suggestions_loo.even ) %]<tr class="highlight">[% ELSE %]<tr>[% END %]
                <td>
                    <input type="checkbox" name="edit_field" value="[% suggestions_loo.suggestionid %]" />
                </td>
                <td>
                    [% suggestions_loo.suggestionid %]
                </td>
                <td>
                    <a href="suggestion.pl?suggestionid=[% suggestions_loo.suggestionid %]&amp;op=show" title="suggestion" >
                        [% suggestions_loo.title |html %][% IF ( suggestions_loo.author ) %], by [% suggestions_loo.author %][% END %]</a>
                    [<a href="suggestion.pl?suggestionid=[% suggestions_loo.suggestionid %]&amp;op=edit" title="suggestion" >edit</a>]
                    <br />
                    [% IF ( suggestions_loo.copyrightdate ) %]&copy; [% suggestions_loo.copyrightdate |html %] [% END %]
                        [% IF ( suggestions_loo.volumedesc ) %]; Volume:<i>[% suggestions_loo.volumedesc |html %]</i> [% END %]
                        [% IF ( suggestions_loo.isbn ) %]; ISBN:<i>[% suggestions_loo.isbn |html %]</i> [% END %][% IF ( suggestions_loo.publishercode ) %]; Published by [% suggestions_loo.publishercode |html %] [% END %][% IF ( suggestions_loo.publicationyear ) %] in <i>[% suggestions_loo.publicationyear |html %]</i> [% END %][% IF ( suggestions_loo.place ) %] in <i>[% suggestions_loo.place |html %]</i> [% END %][% IF ( suggestions_loo.collectiontitle ) %]; [% suggestions_loo.collectiontitle |html %] [% END %][% IF ( suggestions_loo.itemtype ) %]; [% suggestions_loo.itemtype |html %] [% END %]<br />[% IF ( suggestions_loo.note ) %]<span class="note">[% suggestions_loo.note |html%]</span>[% END %]
                </td>
                <td>
                    [% IF ( suggestions_loo.emailsuggestedby ) %]<a href="mailto:[% suggestions_loo.emailsuggestedby %]">[% END %][% suggestions_loo.surnamesuggestedby %][% IF ( suggestions_loo.firstnamesuggestedby ) %], [% suggestions_loo.firstnamesuggestedby %][% END %] [% IF (suggestions_loo.cardnumbersuggestedby ) %]([% suggestions_loo.cardnumbersuggestedby %])[% END %] [% IF ( suggestions_loo.emailsuggestedby ) %]</a>[% END %]
                    [% IF ( suggestions_loo.suggesteddate ) %] - [% suggestions_loo.suggesteddate | $KohaDates %][% END %]
                </td>
                <td>
                    [% IF ( suggestions_loo.emailmanagedby ) %]<a href="mailto:[% suggestions_loo.emailmanagedby %]">[% END %][% suggestions_loo.surnamemanagedby %][% IF ( suggestions_loo.firstnamemanagedby ) %], [% suggestions_loo.firstnamemanagedby %][% END %] [% IF ( suggestions_loo.emailmanagedby ) %]</a>[% END %]
                    [% IF ( suggestions_loo.manageddate ) %] - [% suggestions_loo.manageddate | $KohaDates %][% END %]
                </td>
                <td>
                    [% Branches.GetName( suggestions_loo.branchcode ) %]
                </td>
                <td>
                    [% suggestions_loo.budget_name %]
                </td>
                <td>
                    [% IF ( suggestions_loo.ASKED ) %]
                        Pending
                    [% ELSIF ( suggestions_loo.ACCEPTED ) %]
                        Accepted
                    [% ELSIF ( suggestions_loo.ORDERED ) %]
                        Ordered
                    [% ELSIF ( suggestions_loo.REJECTED ) %]
                        Rejected
                    [% ELSIF ( suggestions_loo.CHECKED ) %]
                        Checked
                    [% ELSIF AuthorisedValues.GetByCode( 'SUGGEST_STATUS', suggestions_loo.STATUS ) %]
                        [% AuthorisedValues.GetByCode( 'SUGGEST_STATUS', suggestions_loo.STATUS ) %]
                    [% END %]

                    [% IF ( suggestions_loo.reason ) %]
                        <br />([% suggestions_loo.reason %])
                    [% END %]
                </td>
        </tr>
        [% END %]</tbody>
        </table>  <fieldset>
    <div id="select-reason[% suggestion.suggestiontype %]">
        <div id="status[% suggestion.suggestiontype %]">
            <label for="STATUS[% suggestion.suggestiontype %]">Mark selected as: </label>
            <select name="STATUS" id="STATUS[% suggestion.suggestiontype %]">
                <option value=""> -- Choose a status --</option>

                [% IF (statusselected_ASKED ) %]
                    <option value="ASKED" selected="selected">Pending</option>
                [% ELSE %]
                    <option value="ASKED">Pending</option>
                [% END %]

                [% IF (statusselected_ACCEPTED ) %]
                    <option value="ACCEPTED" selected="selected">Accepted</option>
                [% ELSE %]
                    <option value="ACCEPTED">Accepted</option>
                [% END %]

                [% IF (statusselected_CHECKED ) %]
                    <option value="CHECKED" selected="selected">Checked</option>
                [% ELSE %]
                    <option value="CHECKED">Checked</option>
                [% END %]

                [% IF ( statusselected_REJECTED ) %]
                    <option value="REJECTED" selected="selected">Rejected</option>
                [% ELSE %]
                    <option value="REJECTED">Rejected</option>
                [% END %]

                [% FOREACH s IN SuggestionStatuses %]
                    <option value="[% s.authorised_value %]">[% s.lib %]</option>
                [% END %]
            </select>

            <label for="reason[% suggestion.suggestiontype %]">with this reason:</label>
            <select id="reason[% suggestion.suggestiontype %]" name="reason[% suggestion.suggestiontype %]">
                <option value=""> -- Choose a reason -- </option>
                [% FOREACH reasonsloo IN suggestion.reasonsloop %]
                    <option value="[% reasonsloo.lib %]">[% reasonsloo.lib %]</option>
                [% END %]
                <option value="other">Others...</option>
            </select>

            <span id="other_reason[% suggestion.suggestiontype %]">
                <input type="text" size="31" id="select-other_reason[% suggestion.suggestiontype %]" name="other_reason[% suggestion.suggestiontype %]" placeholder="please note your reason here..." />
                <a href="#back[% suggestion.suggestiontype %]">Cancel</a>
            </span>

            <strong style="padding: 0 1em;">OR:</strong>

            <label for="[% suggestion.suggestiontype %]delete">Delete selected</label>
            <input type="checkbox" name="op" id="[% suggestion.suggestiontype %]delete" />
        </div>
    </div>


    <input type="hidden" name="tabcode" value="[% suggestion.suggestiontype %]" />
    <input type="hidden" name="op" value="change" />
</fieldset>
        <fieldset class="action">
    <input type="submit" value="Submit" /></fieldset>
</form>
[% ELSE %]
    <b>No results.</b>
[% END %]
</div>
[% END %]
    </div>
[% END %]
</div>
</div>

      [% UNLESS ( op_save ) %] [% UNLESS ( op == 'show' ) %]<div class="yui-b">
<form name="suggestionfilter" action="suggestion.pl" method="get">
<fieldset class="brief"><ol style="display:block;"><li><label for="displayby">Organize by: </label>
                <select name="displayby" id="displayby" style="width:auto;">
                    [% IF ( displayby == "STATUS" ) %]
                        <option value="STATUS" selected="selected">Status</option>
                    [% ELSE %]
                        <option value="STATUS">Status</option>
                    [% END %]
                    [% IF ( displayby == "branchcode" ) %]
                        <option value="branchcode" selected="selected">Library</option>
                    [% ELSE %]
                        <option value="branchcode">Library</option>
                    [% END %]
                    [% IF ( displayby == "itemtype" ) %]
                        <option value="itemtype" selected="selected">Item type</option>
                    [% ELSE %]
                        <option value="itemtype">Item type</option>
                    [% END %]
                    [% IF ( displayby == "managedby" ) %]
                        <option value="managedby" selected="selected">Managed by</option>
                    [% ELSE %]
                        <option value="managedby">Managed by</option>
                    [% END %]
                    [% IF ( displayby == "acceptedby" ) %]
                        <option value="acceptedby" selected="selected">Accepted by</option>
                    [% ELSE %]
                        <option value="acceptedby">Accepted by</option>
                    [% END %]
                </select> <input type="submit" value="Go" /></li></ol></fieldset>
<h4>Filter by: <a style="font-size:80%;font-weight:normal;" href="/cgi-bin/koha/suggestion/suggestion.pl">[clear]</a></h4>
                <div style="display:block;" id="limits">

                                <fieldset class="brief"><h4 class="local_collapse"><a href="#">Bibliographic information</a></h4>
                   <ol> <li><label for="title"> Title:</label><input type="text" id="title" name="title" value="[% title |html %]" /></li>
                    <li><label for="author"> Author:</label><input type="text" id="author" name="author" value="[% author | html %]" /></li>
                    <li><label for="isbn"> ISBN:</label><input type="text" id="isbn"  name="isbn" value="[% isbn | html %]" /></li>
                    <li><label for="publishercode"> Publisher:</label><input type="text" id="publishercode" name="publishercode" value="[% publishercode | html %]" /></li>
                    <li><label for="copyrightdate_filter"> Copyright date:</label><input type="text" id="copyrightdate_filter" name="copyrightdate" value="[% copyrightdate | html %]" /></li>
                    <li><label for="collectiontitle"> Collection title:</label><input type="text" id="collectiontitle" name="collectiontitle" value="[% collectiontitle | html %]" /></li><li><input type="submit" value="Go" /></li></ol>
                </fieldset>
                                 <fieldset class="brief"><h4 class="local_collapse"><a href="#">Suggestion information</a></h4>
                    <ol>
                      <li>
                          <label for="STATUS"> Status:</label>
                          <select name="STATUS" id="STATUS">
                              <option value="">Any</option>

                              [% IF (statusselected_ASKED ) %]
                                  <option value="ASKED" selected="selected">Pending</option>
                              [% ELSE %]
                                  <option value="ASKED">Pending</option>
                              [% END %]

                              [% IF (statusselected_ACCEPTED ) %]
                                  <option value="ACCEPTED" selected="selected">Accepted</option>
                              [% ELSE %]
                                  <option value="ACCEPTED">Accepted</option>
                              [% END %]

                              [% IF (statusselected_CHECKED ) %]
                                  <option value="CHECKED" selected="selected">Checked</option>
                              [% ELSE %]
                                  <option value="CHECKED">Checked</option>
                              [% END %]

                              [% IF ( statusselected_REJECTED ) %]
                                  <option value="REJECTED" selected="selected">Rejected</option>
                              [% ELSE %]
                                  <option value="REJECTED">Rejected</option>
                              [% END %]

                              [% FOREACH s IN SuggestionStatuses %]
                                  [% IF s.authorised_value == selected_status %]
                                      <option value="[% s.authorised_value %]" selected="selected">[% s.lib %]</option>
                                  [% ELSE %]
                                      <option value="[% s.authorised_value %]">[% s.lib %]</option>
                                  [% END %]
                              [% END %]
                          </select>
                      </li>

                    <li><label for="suggestedby"> Suggested by:</label><select id="suggestedby" name="suggestedby"><option value="">Any</option>
[% FOREACH suggestedby_loo IN suggestedby_loop %][% IF ( suggestedby_loo.selected ) %]<option value="[% suggestedby_loo.code %]" selected="selected">[% suggestedby_loo.desc %]</option>[% ELSE %]<option value="[% suggestedby_loo.code %]">[% suggestedby_loo.desc %]</option>[% END %][% END %]
                                                                     </select></li>
                    <li>
                        <label for="suggesteddate_from">Suggested date from:</label>
                        <input type="text" id="suggesteddate_from" size="10" name="suggesteddate_from" value="[% suggesteddate_from %]" />
                    </li>
                    <li>
                        <label for="suggesteddate_to">To:</label>
                        <input type="text" id="suggesteddate_to" size="10" name="suggesteddate_to" value="[% suggesteddate_to %]" />
                    </li>
                    <li><label for="managedby"> Managed by:</label><select id="managedby" name="managedby"><option value="">Any</option>
[% FOREACH managedby_loo IN managedby_loop %][% IF ( managedby_loo.selected ) %]<option value="[% managedby_loo.code %]" selected="selected">[% managedby_loo.desc %]</option>[% ELSE %]<option value="[% managedby_loo.code %]">[% managedby_loo.desc %]</option>[% END %][% END %]
                                                                     </select></li>
                    <li>
                        <label for="manageddate_from">Management date from:</label>
                        <input type="text" id="manageddate_from" size="10" name="manageddate_from" value="[% manageddate_from %]" />
                    </li>
                    <li>
                        <label for="manageddate_to">To:</label>
                        <input type="text" id="manageddate_to" size="10" name="manageddate_to" value="[% manageddate_to %]" />
                    </li>
                    <li><label for="acceptedby"> Accepted by:</label><select id="acceptedby" name="acceptedby"><option value="">Any</option>
[% FOREACH acceptedby_loo IN acceptedby_loop %][% IF ( acceptedby_loo.selected ) %] <option value="[% acceptedby_loo.code %]" selected="selected">[% acceptedby_loo.desc %]</option>[% ELSE %]<option value="[% acceptedby_loo.code %]">[% acceptedby_loo.desc %]</option>[% END %][% END %]
                                                      </select></li>
                    <li>
                        <label for="accepteddate_from">Accepted date from:</label>
                        <input type="text" id="accepteddate_from" size="10" name="accepteddate_from" value="[% accepteddate_from %]" />
                    </li>
                    <li>
                        <label for="accepteddate_to">To:</label>
                        <input type="text" id="accepteddate_to" size="10" name="accepteddate_to" value="[% accepteddate_to %]" />
                    </li>
                    <li><input type="submit" value="Go" /></li></ol>
                </fieldset>

                                <fieldset class="brief"><h4 class="local_collapse"><a href="#">Acquisition information</a></h4>
                    <ol><li><label for="budgetid"> Book fund:</label>
                    <select name="budgetid" id="budgetid">
                      <option value="__ANY__">Any</option>
                      [% IF budgetid == '__NONE__' %]
                          <option value="__NONE__" selected="selected">None</option>
                      [% ELSE %]
                          <option value="__NONE__">None</option>
                      [% END %]
                    [% FOREACH budgetid_loo IN budgetid_loop %]
                        [% IF ( budgetid_loo.selected ) %] <option value="[% budgetid_loo.code %]" selected="selected">[% budgetid_loo.desc %]</option>[% ELSE %]<option value="[% budgetid_loo.code %]">[% budgetid_loo.desc %]</option>[% END %]
                        [% END %]
                    </select></li>
                    <li><label for="branchcode"> For:</label>
                    <select name="branchcode" id="branchcode">
                        <option value="__ANY__">Any</option>[% FOREACH branchloo IN branchloop %]
                            [% IF ( branchloo.selected ) %] <option value="[% branchloo.value %]" selected="selected">[% branchloo.branchname %]</option>[% ELSE %] <option value="[% branchloo.value %]">[% branchloo.branchname %]</option>[% END %]
                            [% END %]
                    </select></li><li><input type="submit" value="Go" /></li></ol>
                </fieldset>
    </div>
            </form>
        </div>
    [% END %]
    [% END %]
</div>
[% END %]
[% INCLUDE 'intranet-bottom.inc' %]