From 798cc769fe25478ed41fa50cd41fd3a90c0a4a24 Mon Sep 17 00:00:00 2001
From: Owen Leonard
Date: Fri, 22 Nov 2019 16:47:45 +0000
Subject: [PATCH] Bug 13806: Sanitize inputs where creating Reports subgroup
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
This patch adds validation of report group and subgroup inputs so that the user can't enter data into only one half of the group code/name pair.
To test, apply the patch and go to Reports -> Use saved.
- Create or edit a report which doesn't have a group or subgroup assigned.
- Under "Report group," select the "or create" radio button.
- Click the "Update SQL" button to submit the form without entering a group code or name. The form should require taht you enter data into both fields.
- Enter data into the report group code and name fields. Add data to either the code or data field under "Report subgroup." You should not be able to submit the form without populating both.
- Start over editing a report which doesn't have a group or subgroup assigned.
- Select an existing group under "Report group."
- Under "Report subgroup," select the "or create" option.
- You should not be able to submit the form without adding data in both the code and name fields for the report subgroup.
Signed-off-by: Séverine QUEUNE
Signed-off-by: Jonathan Druart
Signed-off-by: Martin Renvoize
Signed-off-by: Joy Nelson
---
 .../modules/reports/guided_reports_start.tt | 80 +++++++++++++++----
 1 file changed, 65 insertions(+), 15 deletions(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tt
index cac8ccbea4..4ca5833a52 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tt
@@ -614,7 +614,7 @@ canned reports and writing custom SQL reports.

[% END %] [% IF ( save ) %] -
+ @@ -893,7 +893,7 @@ canned reports and writing custom SQL reports.

[% END %] [% IF ( create ) %] - +
Create report from SQL
    @@ -970,7 +970,7 @@ canned reports and writing custom SQL reports.

    [% END %] [% IF ( editsql ) %] - +
    @@ -1131,6 +1131,20 @@ canned reports and writing custom SQL reports.

 mode: "text/x-sql",
 lineWrapping: true
 });
+
+ // https://stackoverflow.com/questions/2086287/how-to-clear-jquery-validation-error-messages#answer-16025232
+ function clearValidation( formElement ){
+ // formElement should be a jQuery object
+ var validator = formElement.validate();
+ // Iterate through named elements inside of the form, and mark them as error free
+ $('[name]',formElement).each(function(){
+ validator.successList.push(this);//mark as error free
+ validator.showErrors();//remove error messages if present
+ });
+ validator.resetForm();//remove error class on name elements and clear history
+ validator.reset();//remove all error and success data
+ }
+
 [% END %]
 [% IF ( showsql ) %]
@@ -1466,11 +1480,31 @@ canned reports and writing custom SQL reports.
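Review bot: `clearValidation` marks every `[name]` element in the form as error free and then resets the whole validator, so calling it from the group and subgroup radio handlers also clears a pending message on unrelated fields (for example whatever input the `reportname` rule in the later hunk targets). Narrowing the selector to the group and subgroup inputs would keep those messages visible. `validator.showErrors();` runs once per element inside the `.each()` loop; moving it to a single call after the loop does the same work. The function depends on the plugin's `successList` state, so I would add a comment such as `// relies on jQuery Validation internals (successList); re-test after upgrading the plugin`.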

 });
 [% IF (create || editsql || save) %]
+
+ var validated_form = $("#sql_report_form").validate({
+ reportname: "required",
+ group_input: {
+ required: {
+ depends: function(element) {
+ return $("#create_group").prop("checked") && $("#groupdesc_input").val() != '';
+ }
+ }
+ },
+ groupdesc_input: {
+ required: {
+ depends: function(element) {
+ return $("#create_group").prop("checked") && $("#group_input").val() != '';
+ }
+ }
+ }
+ });
+
 $("#select_group").change(function() {
 if($(this).prop('checked')) {
- $("#group_input").prop('disabled', true);
- $("#groupdesc_input").prop('disabled', true);
+ $("#group_input").attr("class","").prop('disabled', true).prop("required", false);
+ $("#groupdesc_input").attr("class","").prop('disabled', true).prop("required", false);
 $("#group_select").prop('disabled', false);
+ clearValidation( $("#sql_report_form") );
 if ($("#group_select").val().length > 0) {
 $("#select_subgroup").prop('checked', true);
 $("#select_subgroup").change();
@@ -1482,30 +1516,46 @@ canned reports and writing custom SQL reports.
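Review bot: The rule map is passed at the top level of the options object in `$("#sql_report_form").validate({ reportname: "required", ... })`, but jQuery Validation reads rules from a `rules` key, so `reportname`, `group_input` and `groupdesc_input` as written are most likely ignored and only the `required` properties toggled in the change handlers take effect. Wrapping them as `validate({ rules: { reportname: "required", group_input: {...}, groupdesc_input: {...} } })` fixes that; the keys must match the inputs' `name` attributes, which are not visible in this hunk. These checks run only in the browser and a request sent without the form skips them, so the code that saves the report still has to reject a group or subgroup code without a name (and the reverse); that handler is not part of this patch. The `#select_group` handler continues past the end of the hunk.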

 });
 $("#create_group").change(function() {
 if($(this).prop('checked')) {
- $("#group_input").prop('disabled', false);
- $("#groupdesc_input").prop('disabled', false);
+ $("#group_input").prop('disabled', false).prop("required", true );
+ $("#groupdesc_input").prop('disabled', false).prop("required", true );
 $("#group_select").prop('disabled', true);
- $("#create_subgroup").prop('checked', true).change();
+ // $("#create_subgroup").prop('checked', true).change();
 $("#subgroup_select").hide();
 $("#subgroup input[type='radio']").hide();
 $("#subgroup label[for]").hide();
- $("#subgroup_input").show();
- $("#subgroupdesc_input").show();
+ $("#subgroup_input").prop("required", false ).prop("disabled", false).show();
+ $("#subgroupdesc_input").prop("required", false ).prop("disabled", false).show();
 $("#subgroup").show();
+ // Add validation rules for fields which were previously hidden
+ $("#subgroup_input").rules("add", {
+ required: {
+ depends: function(element) {
+ return $("#create_group").prop("checked") && $("#subgroupdesc_input").val() != '';
+ }
+ }
+ });
+ $("#subgroupdesc_input").rules("add", {
+ required: {
+ depends: function(element) {
+ return $("#create_group").prop("checked") && $("#subgroup_input").val() != '';
+ }
+ }
+ });
 }
 });
 $("#select_subgroup").change(function() {
 if($(this).prop('checked')) {
 $("#subgroup_select").prop('disabled', false);
- $("#subgroup_input").prop('disabled', true);
- $("#subgroupdesc_input").prop('disabled', true);
+ $("#subgroup_input").prop('disabled', true).prop("required", false );
+ $("#subgroupdesc_input").prop('disabled', true).prop("required", false );
+ clearValidation( $("#sql_report_form") );
 }
 });
 $("#create_subgroup").change(function() {
 if($(this).prop('checked')) {
- $("#subgroup_input").prop('disabled', false);
- $("#subgroupdesc_input").prop('disabled', false);
- $("#subgroup_select").prop('disabled', true);
+ $("#subgroup_input").prop('disabled', false).prop("required", true );
+ $("#subgroupdesc_input").prop('disabled', false).prop("required", true );
+ $("#subgroup_select").val("").prop('disabled', true);
 }
 });
 $("#select_group").change();
--
2.39.5
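Review bot: With `$("#create_subgroup").prop('checked', true).change();` commented out, nothing in the `#create_group` branch disables or clears `#subgroup_select` any more; it is only hidden, so a subgroup picked earlier is still submitted next to the new group code, and `#select_subgroup` can stay checked behind the hidden radios. Mirroring the `#create_subgroup` handler with `$("#subgroup_select").val("").prop('disabled', true).hide();` would stop both values being sent; how the server resolves the conflict is not visible here. The commented-out line should be deleted rather than kept, and since the `depends` callbacks compare with `!= ''`, a value of only spaces counts as filled, so `$.trim($("#subgroup_input").val()) !== ''` would be stricter.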