Bug 11322: fix XSS bug in purchase suggestions - OPAC
[koha.git] / koha-tmpl / opac-tmpl / bootstrap / en / modules / opac-suggestions.tt
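[% USE Koha %]
[%# OPAC purchase-suggestion page.
    op_add  : renders the "new suggestion" form (posted back here with op=add_confirm).
    op_else : renders the list of suggestions, with search controls when
              OPACViewOthersSuggestions is on and delete controls for logged-in patrons.
    Every template value that lands inside markup goes through the |html filter. The
    patron-entered fields (title, author, note, ...) are the vector this page was fixed
    for; the library-configured values (item types, branches, authorised values, staff
    names) are filtered too so a stray "<" or quote in configuration data cannot break
    out of an attribute or element either. %]
[% INCLUDE 'doc-head-open.inc' %][% IF ( LibraryNameTitle ) %][% LibraryNameTitle %][% ELSE %]Koha online[% END %] catalog ›
[% IF ( op_add ) %]Enter a new purchase suggestion[% END %]
[% IF ( op_else ) %]Purchase Suggestions[% END %]
[% INCLUDE 'doc-head-close.inc' %]
[% BLOCK cssinclude %][% END %]
</head>
[%# Logged-in patrons get a different body id than anonymous visitors. %]
[% IF ( loggedinusername ) %]<body id="opac-usersuggestions" class="scrollto">[% ELSE %]<body id="opac-suggestions" class="scrollto">[% END %]
[% INCLUDE 'masthead.inc' %]

    <div class="main">
        <ul class="breadcrumb">
            <li><a href="/cgi-bin/koha/opac-main.pl">Home</a> <span class="divider">&rsaquo;</span></li>
            <li><a href="/cgi-bin/koha/opac-user.pl">[% FOREACH USER_INF IN USER_INFO %][% USER_INF.title |html %] [% USER_INF.firstname |html %] [% USER_INF.surname |html %][% END %]</a> <span class="divider">&rsaquo;</span></li>
            [%# Current page: link to the real URL rather than a bare "#" anchor. %]
            <li><a href="/cgi-bin/koha/opac-suggestions.pl">Your purchase suggestions</a></li>
        </ul>

        <div class="container-fluid">
            <div class="row-fluid">
                <div class="span2">
                    <div id="navigation">
                        [% INCLUDE 'navigation.inc' IsPatronPage=1 %]
                    </div>
                </div>
                <div class="span10">
                    <div id="usersuggestions" class="maincontent">
                        [% IF ( op_add ) %]
                            <h1>Enter a new purchase suggestion</h1>

                            <p>Please fill out this form to make a purchase suggestion. You will receive an email when the library processes your suggestion</p>
                            <p>Only the title is required, but the more information you enter the easier it will be for the librarians to find the title you're requesting. The "Notes" field can be used to provide any additional information.</p>

                            [%# Only the title is mandatory; Check() in the jsinclude block enforces that client-side before submitting. %]
                            <form action="/cgi-bin/koha/opac-suggestions.pl" method="post">
                                <fieldset class="rows">
                                    <ol>
                                        <li><label class="required" for="title">Title:</label><input type="text" id="title" name="title"  maxlength="255" /></li>
                                        <li><label for="author">Author:</label><input type="text" id="author" name="author"  maxlength="80" /></li>
                                        <li><label for="copyrightdate">Copyright date:</label><input type="text" id="copyrightdate" name="copyrightdate" size="4" maxlength="4" /></li>
                                        <li><label for="isbn">Standard number (ISBN, ISSN or other):</label><input type="text" id="isbn" name="isbn"  maxlength="80" /></li>
                                        <li><label for="publishercode">Publisher:</label><input type="text" id="publishercode" name="publishercode"  maxlength="80" /></li>
                                        <li><label for="collectiontitle">Collection title:</label><input type="text" id="collectiontitle" name="collectiontitle"  maxlength="80" /></li>
                                        <li><label for="place">Publication place:</label><input type="text" id="place" name="place"  maxlength="80" /></li>
                                        <li><label for="itemtype">Item type:</label>
                                            <select name="itemtype" id="itemtype">
                                                <option value="">Default</option>
                                                [% FOREACH itemtypeloo IN itemtypeloop %]
                                                    [% IF ( itemtypeloo.selected ) %]
                                                        <option value="[% itemtypeloo.itemtype |html %]" selected="selected">
                                                    [% ELSE %]
                                                        <option value="[% itemtypeloo.itemtype |html %]">
                                                    [% END %]
                                                            [% itemtypeloo.description |html %]
                                                        </option>
                                                [% END %]
                                            </select>
                                        </li>
                                        [% IF ( branchloop ) %]
                                            <li><label for="branch">Library:</label>
                                                <select name="branch" id="branch">
                                                    [% FOREACH branchloo IN branchloop %]
                                                        [% IF ( branchloo.selected ) %]
                                                            <option value="[% branchloo.branchcode |html %]" selected="selected">[% branchloo.branchname |html %]</option>
                                                        [% ELSE %]
                                                            <option value="[% branchloo.branchcode |html %]">[% branchloo.branchname |html %]</option>
                                                        [% END %]
                                                    [% END %]
                                                </select>
                                            </li>
                                        [% END %]
                                        [% IF ( patron_reason_loop ) %]
                                            <li>
                                                <label for="patronreason">Reason for suggestion: </label>
                                                <select name="patronreason" id="patronreason">
                                                    <option value="">-- Choose --</option>
                                                    [% FOREACH patron_reason_loo IN patron_reason_loop %]
                                                        <option value="[% patron_reason_loo.authorised_value |html %]">[% patron_reason_loo.lib |html %]</option>
                                                    [% END %]
                                                </select>
                                            </li>
                                        [% END %]
                                        <li>
                                            <label for="note">Notes:</label>
                                            <textarea name="note" id="note" rows="5" cols="40"></textarea>
                                        </li>
                                    </ol>
                                </fieldset>
                                <fieldset class="action">
                                    <input type="hidden" name="suggestedby" value="[% suggestedbyme |html %]" />
                                    <input type="hidden" name="op" value="add_confirm" />
                                    <input type="submit" onclick="Check(this.form); return false;" class="btn" value="Submit your suggestion" /> <a class="action" href="/cgi-bin/koha/opac-suggestions.pl">Cancel</a>
                                </fieldset>
                            </form>
                        [% END #  IF op_add %]

                        [% IF ( op_else ) %]
                            <h1>
                                [% IF Koha.Preference( 'OPACViewOthersSuggestions' ) == 1 %]
                                    Purchase suggestions
                                [% ELSE %]
                                    [% IF ( loggedinusername ) %]
                                        Your purchase suggestions
                                    [% ELSE %]
                                        Purchase suggestions
                                    [% END %]
                                [% END %]
                            </h1>

                            [% IF ( deleted ) %]<div class="alert alert-info">The selected suggestions have been deleted.</div>[% END %]
                            [% IF ( submitted ) %]<div class="alert alert-info">Your suggestion has been submitted.</div>[% END %]

                            [% IF ( suggestions_loop ) %]
                                [%# Search form (GET) is only offered when patrons may see each other's suggestions. %]
                                [% IF Koha.Preference( 'OPACViewOthersSuggestions' ) == 1 %]
                                    <form action="/cgi-bin/koha/opac-suggestions.pl" class="form-inline" method="get">
                                        <fieldset>
                                            <label for="title">Search for:</label>
                                            <input type="text" name="title" id="title" value="[% title |html %]" />
                                            <label for="suggestedby">Suggested by:</label>
                                            <div class="input-append">
                                                <select name="suggestedby" id="suggestedby">
                                                    <option value="0">Anyone</option>
                                                    <option value="1">Me</option>
                                                </select>
                                                <button type="submit" class="btn">Go</button>
                                            </div>
                                        </fieldset>
                                    </form>
                                [% END %]
                                [%# The list itself is a POST form so selected rows can be deleted (op=delete_confirm). %]
                                <form action="/cgi-bin/koha/opac-suggestions.pl" method="post" id="myform">
                                    <input type="hidden" name="op" value="delete_confirm" />
                                    <div id="toolbar" class="toolbar clearfix">
                                        [% IF ( loggedinusername || ( Koha.Preference( 'AnonSuggestions' ) == 1 ) ) %]
                                            <a class="new" href="/cgi-bin/koha/opac-suggestions.pl?op=add">New purchase suggestion</a>
                                        [% END %]
                                    </div>

                                    [%# The select-all / clear-all / delete links are filled in by the jsinclude script. %]
                                    [% IF ( loggedinusername ) %]
                                        <div id="selections-toolbar" class="toolbar">
                                              <span class="checkall"></span> <span class="clearall"></span> <span class="sep">|</span>
                                              <span class="links"><span id="selections">Select suggestions to: </span>
                                              <span id="removeitems"></span>
                                        </div>
                                    [% END %]

                                    [%# Column layout must match the DataTables "aoColumns" list in the jsinclude block:
                                        the checkbox column exists only for logged-in patrons and the "Suggested for"
                                        column only when OPACViewOthersSuggestions is on. %]
                                    <table id="suggestt" class="checkboxed table table-bordered table-striped">
                                        <thead>
                                            <tr>
                                                [% IF ( loggedinusername ) %]<th>&nbsp;</th>[% END %]
                                                <th>Summary</th>
                                                <th>Note</th>
                                                [% IF Koha.Preference( 'OPACViewOthersSuggestions' ) == 1 %]<th>Suggested for</th>[% END %]
                                                <th>Managed by</th>
                                                <th>Status</th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                            [% FOREACH suggestions_loo IN suggestions_loop %]
                                                <tr>
                                                    [% IF ( loggedinusername ) %]
                                                        <td>
                                                            [% IF ( suggestions_loo.showcheckbox ) %]
                                                                <input type="checkbox" class="cb" name="delete_field" value="[% suggestions_loo.suggestionid |html %]" />
                                                            [% END %]
                                                        </td>
                                                    [% END %]
                                                    <td>
                                                        <p><strong>[% suggestions_loo.title |html %]</strong></p>
                                                            <p>[% IF ( suggestions_loo.author ) %][% suggestions_loo.author |html %],[% END %]
                                                                [% IF ( suggestions_loo.copyrightdate ) %] - [% suggestions_loo.copyrightdate |html %],[% END %]
                                                                [% IF ( suggestions_loo.publishercode ) %] - [% suggestions_loo.publishercode |html %][% END %]
                                                                [% IF ( suggestions_loo.place ) %]([% suggestions_loo.place |html %])[% END %]
                                                                [% IF ( suggestions_loo.collectiontitle ) %] , [% suggestions_loo.collectiontitle |html %][% END %]
                                                                [% IF ( suggestions_loo.itemtype ) %] - [% suggestions_loo.itemtype |html %][% END %]
                                                        </p>
                                                    </td>
                                                    <td>
                                                        [% IF ( suggestions_loo.note ) %]
                                                            <span class="tdlabel">Note: </span>
                                                            [% suggestions_loo.note |html %]
                                                        [% END %]
                                                    </td>
                                                    [% IF Koha.Preference( 'OPACViewOthersSuggestions' ) == 1 %]
                                                        <td>
                                                            [% IF ( suggestions_loo.branchcodesuggestedby ) %]
                                                                <span class="tdlabel">Suggested for:</span>
                                                                [% suggestions_loo.branchcodesuggestedby |html %]
                                                            [% END %]
                                                        </td>
                                                    [% END %]
                                                    <td>
                                                        [% IF ( suggestions_loo.surnamemanagedby ) %]
                                                            <span class="tdlabel">Managed by:</span>
                                                            [% suggestions_loo.surnamemanagedby |html %]
                                                            [% IF ( suggestions_loo.firstnamemanagedby ) %]    , [% suggestions_loo.firstnamemanagedby |html %]
                                                            [% END %]
                                                        [% END %]
                                                    </td>
                                                    <td>
                                                        <span class="tdlabel">Status:</span>
                                                        [% IF ( suggestions_loo.ASKED ) %]Requested
                                                        [% ELSIF ( suggestions_loo.CHECKED ) %]Checked by the library
                                                        [% ELSIF ( suggestions_loo.ACCEPTED ) %]Accepted by the library
                                                        [% ELSIF ( suggestions_loo.ORDERED ) %]Ordered by the library
                                                        [% ELSIF ( suggestions_loo.REJECTED ) %]Suggestion declined
                                                        [% ELSIF ( suggestions_loo.AVAILABLE ) %]Available in the library
                                                        [% ELSE %] [% KohaAuthorisedValues.GetByCode( 'SUGGEST_STATUS', suggestions_loo.STATUS, 1 ) |html %] [% END %]
                                                    </td>
                                                </tr>
                                            [% END # / FOREACH suggestions_loo %]
                                        </tbody>
                                    </table>

                                    [% IF ( loggedinusername ) %]
                                        <fieldset class="action">
                                            <input type="submit" class="btn btn-danger" value="Delete selected" />
                                        </fieldset>
                                    [% END %]
                                </form>
                            [% ELSE %]
                                <p>There are no pending purchase suggestions.</p>
                                [% IF ( loggedinusername || ( Koha.Preference( 'AnonSuggestions' ) == 1 ) ) %]
                                    <p><a class="new" href="/cgi-bin/koha/opac-suggestions.pl?op=add">New purchase suggestion</a></p>
                                [% END %]
                            [% END # / IF suggestions_loop %]

                        [% END # IF op_else %]
                    </div> <!-- / #usersuggestions -->
                </div> <!-- / .span10 -->
            </div> <!-- / .row-fluid -->
        </div> <!-- / .container-fluid -->
    </div> <!-- / .main -->

[% INCLUDE 'opac-bottom.inc' %]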
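[% BLOCK jsinclude %]
<script type="text/javascript" src="[% interface %]/[% theme %]/lib/jquery/plugins/jquery.checkboxes.min.js"></script>
[% INCLUDE 'datatables.inc' %]
<script type="text/javascript">
    //<![CDATA[
    [% IF ( loggedinusername ) %]
        // Keep the selection toolbar in step with the row checkboxes: the links in
        // #selections-toolbar are enabled, and the prompt reworded, only while at
        // least one suggestion is checked.
        function enableCheckboxActions(){
            var checkedBoxes = $(".checkboxed input:checkbox:checked");
            // .length instead of jQuery's deprecated .size() (removed in jQuery 3).
            if (checkedBoxes.length) {
              $("#selections").html(_("With selected suggestions: "));
              $("#selections-toolbar .links a").removeClass("disabled");
            } else {
              $("#selections").html(_("Select suggestions to: "));
              $("#selections-toolbar .links a").addClass("disabled");
            }
        }
    [% END %]

    $(function() {
        // The column list handed to DataTables must match the <th> cells rendered in
        // #suggestt: the leading checkbox column exists only for logged-in patrons and
        // the "Suggested for" column only when OPACViewOthersSuggestions is on. Both
        // are gated on exactly the conditions the markup uses, so the counts agree.
        $("#suggestt").dataTable($.extend(true, {}, dataTablesDefaults, {
            "aaSorting": [[ 1, "asc" ]],
            "aoColumnDefs": [
              [% IF ( loggedinusername ) %]{ "aTargets": [ 0 ], "bSortable": false, "bSearchable": false }[% END %]
            ],
            "aoColumns": [
                [% IF ( loggedinusername ) %]null,[% END %]
                { "sType": "anti-the" },
                null,
                [% IF Koha.Preference( 'OPACViewOthersSuggestions' ) == 1 %]null,[% END %]
                null,
                null
            ]
        }));
        [% IF ( loggedinusername ) %]
        // Build the select-all / clear-all / delete links. The anchors are static
        // strings; only the translated labels come from _() and they carry no markup.
        $("span.clearall").html("<a id=\"CheckNone\" href=\"#\">"+_("Clear all")+"<\/a>");
        $("span.checkall").html("<a id=\"CheckAll\" href=\"#\">"+_("Select all")+"<\/a>");
        $("#CheckAll").click(function(){
            $(".checkboxed").checkCheckboxes();
            enableCheckboxActions();
            return false;
        });
        $("#CheckNone").click(function(){
            $(".checkboxed").unCheckCheckboxes();
            enableCheckboxActions();
            return false;
        });
        $(".cb").click(function(){
          enableCheckboxActions();
        });
        // .html() returns the #removeitems span, so the click handler is bound to the
        // span and submits the delete form (#myform, op=delete_confirm).
        $("#removeitems").html("<a href=\"#\" class=\"removeitems tag_hides disabled\">"+_("Delete")+"</a>")
        .click(function(){
          $("#myform").submit();
          return false;
        });
        enableCheckboxActions();
        [% END %]
    });

    // Client-side check for the "new suggestion" form (wired via the submit button's
    // onclick). Only the title is mandatory; the value is trimmed so a whitespace-only
    // title is rejected as well. Submits the form when valid, otherwise lists the
    // problems in an alert. Server-side validation still applies regardless.
    function Check(f) {
        var _alertString="";
        var alertString2;

        if($.trim(f.title.value).length ==0){
            _alertString += _("- You must enter a Title") + "\n";
        }

        if (_alertString.length==0) {
            f.submit();
        } else {
            alertString2 = _("Form not submitted because of the following problem(s)");
            alertString2 += "\n------------------------------------------------------------------------------------\n\n";
            alertString2 += _alertString;
            alert(alertString2);
        }
    }
//]]>
</script>
[% END %]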