From 68424ae5adab4b8ab4b4f165b6c9ac72cf2590cc Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Wed, 29 May 2019 21:28:23 -0500 Subject: [PATCH] Bug 15814: Handle correctly MMTA edit button The MARC modification template action edit buton does not correctly handle variable escaping. Assigning a JS variable containing the JSON representation of the hashref will make the processing much more easier. Test plan: Create a MARC Modification Template with several actions. In the description you should use the following characters, to try to break this patch: \ ' " \n \r (not sure what we handled \n and \r) Then edit the action, modify and save again. Signed-off-by: Mark Tompsett Signed-off-by: Nick Clemens Signed-off-by: Martin Renvoize (cherry picked from commit 7a80483a1358a7bc3e516a8fbc92d34b6559dcac) Signed-off-by: Fridolin Somers --- .../tools/marc_modification_templates.tt | 24 ++------- .../prog/js/marc_modification_templates.js | 53 ++++++++++--------- 2 files changed, 32 insertions(+), 45 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/marc_modification_templates.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/marc_modification_templates.tt index 33c6be317b..d4943180d7 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/marc_modification_templates.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/marc_modification_templates.tt @@ -1,4 +1,5 @@ [% USE raw %] +[% USE JSON.Escape %] [% USE Asset %] [% SET footerjs = 1 %] [% INCLUDE 'doc-head-open.inc' %] @@ -162,27 +163,7 @@ [% ActionsLoo.description | html %] - Edit + Edit Delete 
@@ -358,6 +339,7 @@
 var MSG_MMT_CONDITIONAL_COMPARISON_REQUIRED = _("The conditional comparison operator should be filled.");
 var MSG_MMT_CONDITIONAL_VALUE_REQUIRED = _("The conditional value should be filled.");
 var MSG_MMT_CONDITIONAL_VALUE_REGEX_REQUIRED = _("The conditional regular expression should be filled.");
+ var mmtas = [% ActionsLoop.json %]
 [% Asset.js("js/marc_modification_templates.js") | $raw %]
 [% END %]
diff --git a/koha-tmpl/intranet-tmpl/prog/js/marc_modification_templates.js b/koha-tmpl/intranet-tmpl/prog/js/marc_modification_templates.js
index 34578569c9..eb1bf39718 100644
--- a/koha-tmpl/intranet-tmpl/prog/js/marc_modification_templates.js
+++ b/koha-tmpl/intranet-tmpl/prog/js/marc_modification_templates.js
@@ -99,6 +99,14 @@ $(document).ready(function() {
 return confirmDelete();
 });
+ $(".edit_action").on("click", function(){
+ var mmta_id = $(this).data("mmta_id");
+ var mmta = $.grep(mmtas, function(elt, id) {
+ return elt['mmta_id'] == mmta_id;
+ });
+ editAction( mmta[0] );
+ updateAllEvery();
+ });
 });
 function updateAllEvery(){
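Review bot: The added `var mmtas = [% ActionsLoop.json %]` line has no terminating semicolon and no comment saying why the value is safe to emit inside an inline script. Action descriptions are operator-entered text, so the serialisation has to neutralise `<`, `>` and `&` for script context, not only quotes and backslashes. As far as I know that is what the `JSON.Escape` plugin loaded in the first hunk adds over the plain JSON plugin; it is worth confirming and recording with something like `[%# JSON.Escape, not plain JSON: a description containing "</script>" must not close this block %]`. I would also end the statement with `;` and add a description containing `</script>` to the test plan's list of characters.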
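Review bot: `editAction( mmta[0] )` is called without checking that `$.grep` matched anything. If no element of `mmtas` carries the button's `data-mmta_id`, `mmta[0]` is undefined and `editAction` throws on its first property read; a guard such as `if ( !mmta.length ) { return; }` before the call avoids that. The loose `==` in the callback looks intentional, since jQuery's `.data()` converts numeric strings to numbers while the serialised `mmta_id` may be a string. A comment like `// == on purpose: .data() may return a number, the JSON value may be a string` would keep a later cleanup to `===` from breaking the lookup. The callback's `id` parameter is unused.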
@@ -258,50 +266,47 @@ function confirmDelete() {
 var modaction_legend_innerhtml;
 var action_submit_value;
-function editAction( mmta_id, ordering, action, field_number, from_field, from_subfield, field_value, to_field,
- to_subfield, to_regex_search, to_regex_replace, to_regex_modifiers, conditional, conditional_field, conditional_subfield,
- conditional_comparison, conditional_value, conditional_regex, description
-) {
+function editAction( mmta ) {
 $("#add_action").show();
- document.getElementById('mmta_id').value = mmta_id;
+ document.getElementById('mmta_id').value = mmta['mmta_id'];
- setSelectByValue( 'action', action );
+ setSelectByValue( 'action', mmta['action'] );
 $('#action').change();
- setSelectByValue( 'field_number', field_number );
+ setSelectByValue( 'field_number', mmta['field_number'] );
- document.getElementById('from_field').value = from_field;
- document.getElementById('from_subfield').value = from_subfield;
- document.getElementById('field_value').value = field_value;
- document.getElementById('to_field').value = to_field;
- document.getElementById('to_subfield').value = to_subfield;
- if ( to_regex_search == '' && to_regex_replace == '' && to_regex_modifiers == '' ) {
+ document.getElementById('from_field').value = mmta['from_field'];
+ document.getElementById('from_subfield').value = mmta['from_subfield'];
+ document.getElementById('field_value').value = mmta['field_value'];
+ document.getElementById('to_field').value = mmta['to_field'];
+ document.getElementById('to_subfield').value = mmta['to_subfield'];
+ if ( mmta['regex_search'] == '' && mmta['to_regex_replace'] == '' && mmta['to_regex_modifiers'] == '' ) {
 $('#to_field_regex').prop('checked', false).change();
 } else {
 $('#to_field_regex').prop('checked', true).change();
- $("#to_regex_search").val(to_regex_search);
- $("#to_regex_replace").val(to_regex_replace);
- $("#to_regex_modifiers").val(to_regex_modifiers);
+ $("#to_regex_search").val(mmta['to_regex_search']);
+ $("#to_regex_replace").val(mmta['to_regex_replace']);
+ $("#to_regex_modifiers").val(mmta['to_regex_modifiers']);
 }
- setSelectByValue( 'conditional', conditional );
+ setSelectByValue( 'conditional', mmta['conditional'] );
 $('#conditional').change();
- document.getElementById('conditional_field').value = conditional_field;
- document.getElementById('conditional_subfield').value = conditional_subfield;
+ document.getElementById('conditional_field').value = mmta['conditional_field'];
+ document.getElementById('conditional_subfield').value = mmta['conditional_subfield'];
- setSelectByValue( 'conditional_comparison', conditional_comparison );
+ setSelectByValue( 'conditional_comparison', mmta['conditional_comparison'] );
 $('#conditional_comparison').change();
- document.getElementById('conditional_value').value = conditional_value;
+ document.getElementById('conditional_value').value = mmta['conditional_value'];
- document.getElementById('conditional_regex').checked = parseInt( conditional_regex );
+ document.getElementById('conditional_regex').checked = parseInt( mmta['conditional_regex'] );
 $('#conditional_regex').change();
- document.getElementById('description').value = description;
+ document.getElementById('description').value = mmta['description'];
 window.modaction_legend_innerhtml = document.getElementById('modaction_legend').innerHTML;
- document.getElementById('modaction_legend').innerHTML = MSG_MMT_EDIT_ACTION.format(ordering);
+ document.getElementById('modaction_legend').innerHTML = MSG_MMT_EDIT_ACTION.format(mmta['ordering']);
 window.action_submit_value = document.getElementById('action_submit').value;
 document.getElementById('action_submit').value = MSG_MMT_UPDATE_ACTION;
--
2.39.5
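Review bot: The new condition reads `mmta['regex_search']`, while every other access in this hunk uses the `to_regex_search` key. The left operand is therefore most likely `undefined`, `undefined == ''` is false, and the regex checkbox ends up ticked for every action. The line should be `if ( mmta['to_regex_search'] == '' && mmta['to_regex_replace'] == '' && mmta['to_regex_modifiers'] == '' ) {`. If the serialised rows can carry `null` for unset columns (not visible here), the `== ''` tests would fail for those as well and a falsy check would be safer. `editAction` continues past the end of the hunk.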