From 19f65cfd126f61c483bd4bab3aab1f4c5b5b63f3 Mon Sep 17 00:00:00 2001 From: tipaul Date: Mon, 2 Dec 2002 15:55:19 +0000 Subject: [PATCH] =?utf8?q?bugfix=20for=20bug=20N=B0135.?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Note : yes, checks are performed only on client side. I agree this is not very secure, but it's a rarely modified value and koha 2.0 will need : * IE5+ or Mozilla/Netscape 6+ * javascript enabled. Maybe the best solution would be to include in *.inc files a test for javascript activated and refuse acces if it's not. --- admin/itemtypes.pl | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/admin/itemtypes.pl b/admin/itemtypes.pl index 556bcdccf9..8ffe198a82 100755 --- a/admin/itemtypes.pl +++ b/admin/itemtypes.pl @@ -73,13 +73,13 @@ my $op = $input->param('op'); $searchfield=~ s/\,//g; print $input->header; -#start the page and read in includes -print startpage(); -print startmenu('admin'); ################## ADD_FORM ################################## # called by default. Used to create form to add or modify a record if ($op eq 'add_form') { + #start the page and read in includes + print startpage(); + print startmenu('admin'); #---- if primkey exists, it's a modify action, so read values to modify... my $data; if ($itemtype) { @@ -133,11 +133,11 @@ if ($op eq 'add_form') { if (!(isNotNull(window.document.Aform.description,1))) { _alertString += "- description missing\\n"; } - if (!isNum(f.loanlength,0)) { + if ((!isNum(f.loanlength,0)) && f.loanlength.value.length > 0) { _alertString += "- loan length is not a number\\n"; } - if (!isNum(f.rentalcharge,0)) { - _alertString += "- loan length is not a number\\n"; + if ((!isNum(f.rentalcharge,0)) && f.rentalcharge.value.length > 0) { + _alertString += "- rental charge is not a number\\n"; } if (_alertString.length==0) { document.Aform.submit(); 
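Review bot: The page preamble `print startpage(); print startmenu('admin');` is now copied into four branches: add_form here, and delete_confirm, delete_confirmed and the default branch in the later hunks, so a branch added later can silently miss it. A single guard before the chain, `unless ($op eq 'add_validate') { print startpage(); print startmenu('admin'); }`, would give the same output from one copy. This assumes add_validate is the only branch that must skip the page chrome, which the visible hunks suggest but do not prove. The `if`/`elsif` chain starts and ends outside this hunk.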
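Review bot: With the added `value.length > 0` conditions an empty loanlength or rentalcharge now passes, and nothing in this commit checks either field on the server, so a request submitted without this script running hands add_validate whatever text it likes. The next hunk's context shows that branch calling `$dbh->prepare($query)` and then `$sth->execute;` with no bind values, which suggests the field values are interpolated into the SQL string; the query construction is outside the diff, so this is inferred. add_validate should reject non-numeric input before building the query, for example `$input->param('loanlength') =~ /\A\d*\z/ or die "loan length is not a number";` (parameter name assumed from the form field), and should decide explicitly what an empty value is stored as. The JavaScript function around these lines starts and ends outside the hunk.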
@@ -196,14 +196,15 @@ print ""; my $sth=$dbh->prepare($query); $sth->execute; $sth->finish; - print "data recorded"; - print "
"; - print ""; - print "
"; + print "Content-Type: text/html\n\n"; + exit; # END $OP eq ADD_VALIDATE ################## DELETE_CONFIRM ################################## # called by default form, used to confirm deletion of data in DB } elsif ($op eq 'delete_confirm') { + #start the page and read in includes + print startpage(); + print startmenu('admin'); my $dbh = C4::Context->dbh; my $sth=$dbh->prepare("select count(*) as total from categoryitem where itemtype='$itemtype'"); $sth->execute; @@ -232,6 +233,9 @@ print ""; ################## DELETE_CONFIRMED ################################## # called by delete_confirm, used to effectively confirm deletion of data in DB } elsif ($op eq 'delete_confirmed') { + #start the page and read in includes + print startpage(); + print startmenu('admin'); my $dbh = C4::Context->dbh; my $itemtype=uc($input->param('itemtype')); my $query = "delete from itemtypes where itemtype='$itemtype'"; @@ -245,14 +249,13 @@ print ""; # END $OP eq DELETE_CONFIRMED ################## DEFAULT ################################## } else { # DEFAULT + #start the page and read in includes + print startpage(); + print startmenu('admin'); my @inputs=(["text","description",$searchfield], ["reset","reset","clr"]); print mkheadr(2,'Item types admin'); print mkformnotable("$script_name",@inputs); - print <$searchfield
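Review bot: The added `print "Content-Type: text/html\n\n";` runs after `print $input->header;`, which the first hunk's context shows executing unconditionally before the `if` chain, so the CGI header is already complete and this line reaches the browser as body text, not as a header. If add_validate is meant to send the user back to the list, skip the early header for this op and emit `print $input->redirect($script_name);` before the `exit;` (`$script_name` is the variable the default branch already uses). The page extraction appears to have dropped markup from this string, so the literal may have carried more than is shown. The add_validate branch begins outside the hunk.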
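Review bot: In delete_confirmed the request parameter goes straight into the statement text: `my $query = "delete from itemtypes where itemtype='$itemtype'";` takes `$itemtype` from `$input->param('itemtype')` with only `uc()` applied, so a quote character in the parameter changes the SQL that is executed. Bind the value instead: `my $sth = $dbh->prepare("delete from itemtypes where itemtype=?");` followed by `$sth->execute($itemtype);`. The `select count(*) as total from categoryitem where itemtype='$itemtype'` in delete_confirm (previous hunk) has the same shape and wants the same placeholder. The rest of this branch lies outside the hunk.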

"; } -- 2.39.5