From 70829660c2cd0f464ea643437e7fa607c5d8d4ba Mon Sep 17 00:00:00 2001 From: Joe Atzberger Date: Thu, 22 May 2008 15:10:22 -0500 Subject: [PATCH] Bugfix 2026 - Comments handling overhauled. Scrubber and Error feedback added. Note: we CANNOT rely on window.close in onSubmit or $().submit to close our popups. On a relatively slow connection with a relatively large POST, commonly the close finishes *before* the POST completes, as reported with our New Zealand clients. Despite success in trivial cases, this should be obvious, since the event is necessarily before the submission. It also assumes success and prevents any kind of error feedback. Other popups are likely to exhibit this same defective behavior. Some FIXME's outstanding: need to allow users to delete their own comments, need to enforce and feedback on max comment length. Signed-off-by: Joshua Ferraro --- .../prog/en/modules/opac-review.tmpl | 90 +++++++++++++------ opac/opac-review.pl | 48 ++++++---- 2 files changed, 94 insertions(+), 44 deletions(-) diff --git a/koha-tmpl/opac-tmpl/prog/en/modules/opac-review.tmpl b/koha-tmpl/opac-tmpl/prog/en/modules/opac-review.tmpl index 42ec0d136d..b21393d527 100644 --- a/koha-tmpl/opac-tmpl/prog/en/modules/opac-review.tmpl +++ b/koha-tmpl/opac-tmpl/prog/en/modules/opac-review.tmpl @@ -1,46 +1,78 @@ -Koha Online Catalog › Library Home for + Catalog › Comments on - - - -
-
-
- " /> - " /> -
- Comments on by -
-
-

Note: Your comment must be approved by a librarian.

-
Cancel
-
+ + + +
+
+ +
+ +

+ Note: your comment contained illegal markup code. + It has been saved with the markup removed, as below. + You can edit the comment further, or cancel to retain the comment as is. + + Error! Your comment was entirely illegal markup code. It has NOT been added. + Error! You cannot add an empty comment. Please add content or cancel. +

+ + Note: this window will close automatically in 5 seconds +
+ +
+ " /> +
+ Comments on by +
+
+

Note: Your comment must be approved by a librarian.

+
Cancel
+
- - diff --git a/opac/opac-review.pl b/opac/opac-review.pl index 9f9722e27a..52f96e7be6 100755 --- a/opac/opac-review.pl +++ b/opac/opac-review.pl @@ -18,20 +18,19 @@ # Suite 330, Boston, MA 02111-1307 USA use strict; -require Exporter; +use warnings; use CGI; use C4::Auth; use C4::Koha; use C4::Output; -use C4::Circulation; use C4::Review; use C4::Biblio; +use C4::Scrubber; +use C4::Debug; my $query = new CGI; my $biblionumber = $query->param('biblionumber'); -my $type = $query->param('type'); my $review = $query->param('review'); -my $reviewid = $query->param('reviewid'); my ( $template, $borrowernumber, $cookie ) = get_template_and_user( { template_name => "opac-review.tmpl", @@ -41,22 +40,41 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user( } ); -my $biblio = GetBiblioData( $biblionumber); +# FIXME: need to allow user to delete their own comment(s) -my $savedreview = getreview( $biblionumber, $borrowernumber ); -if ( $type eq 'save' ) { - savereview( $biblionumber, $borrowernumber, $review ); +my $biblio = GetBiblioData($biblionumber); +my $savedreview = getreview($biblionumber,$borrowernumber); +my ($clean, @errors); +if (defined $review) { + if ($review !~ /\S/) { + push @errors, {empty=>1}; + } else { + $clean = C4::Scrubber->new('comment')->scrub($review); + if ($clean !~ /\S/) { + push @errors, {scrubbed_all=>1}; + } else { + if ($clean ne $review) { + push @errors, {scrubbed=>$clean}; + my $js_ok_review = $clean; + $js_ok_review =~ s/"/"/g; # probably redundant w/ TMPL ESCAPE=JS + $template->param(clean_review=>$js_ok_review); + } + if ($savedreview) { + updatereview($biblionumber, $borrowernumber, $clean); + } else { + savereview($biblionumber, $borrowernumber, $clean); + } + unless (@errors){ $template->param(WINDOW_CLOSE=>1); } + } + } } -elsif ( $type eq 'update' ) { - updatereview( $biblionumber, $borrowernumber, $review ); -} -$type = ($savedreview) ? "update" : "save"; +(@errors ) and $template->param( ERRORS=>\@errors); +($cgi_debug) and $template->param(cgi_debug=>1 ); $template->param( 'biblionumber' => $biblionumber, 'borrowernumber' => $borrowernumber, - 'type' => $type, - 'review' => $savedreview->{'review'}, - 'reviewid' => $reviewid, + 'review' => $clean || $savedreview->{'review'}, + 'reviewid' => $query->param('reviewid') || 0, 'title' => $biblio->{'title'}, ); -- 2.39.5