From 0515c0698574418f6b53647094c0f59f28236104 Mon Sep 17 00:00:00 2001 From: Mark Tompsett Date: Sat, 20 Sep 2014 08:01:36 -0400 Subject: [PATCH] Bug 12740 - Data Validation followup MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Added server-side validation and feedback to Koha news. TEST PLAN --------- 1) Log in to staff client as someone who can add news 2) Paste a variation of the ugly following URL into your address bar: https://demo.library-admin.kohasystem.ca/cgi-bin/koha/tools/koha-news.pl?op=add&lang=&branch=&title=&from=&to=&number=&new= -- A blank news item is added without warning! 3) Apply patch 4) Repeat step 2 -- "ERROR: Required news title missing!" is displayed and no blank news is added 5) run koha qa test tools Followed test plan, Error message appears as expected, qa test tool: OK Signed-off-by: Marc Véron Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi --- .../prog/en/modules/tools/koha-news.tt | 1 + tools/koha-news.pl | 34 ++++++++++++------- 2 files changed, 23 insertions(+), 12 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/koha-news.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/koha-news.tt index e1159f8903..dda073800d 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/koha-news.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/koha-news.tt @@ -60,6 +60,7 @@ Edit news item[% ELSE %]Add news item[% END %][% ELSE %]News[% END %]
[% UNLESS ( add_form ) %] + [% IF (error_message) %]

[% error_message %]

[% END %] diff --git a/tools/koha-news.pl b/tools/koha-news.pl index a07b3d4be1..42dd149042 100755 --- a/tools/koha-news.pl +++ b/tools/koha-news.pl @@ -45,6 +45,8 @@ my $timestamp = format_date_in_iso($cgi->param('timestamp')); my $number = $cgi->param('number'); my $lang = $cgi->param('lang'); my $branchcode = $cgi->param('branch'); +my $error_message = $cgi->param('error_message'); + # Foreign Key constraints work with NULL, not '' # NULL = All branches. $branchcode = undef if (defined($branchcode) && $branchcode eq ''); @@ -62,6 +64,9 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user( } ); +# Pass error message if there is one. +$template->param( error_message => $error_message ) if $error_message; + # get lang list my @lang_list; my $tlangs = getTranslatedLanguages() ; @@ -99,18 +104,23 @@ if ( $op eq 'add_form' ) { } } elsif ( $op eq 'add' ) { - add_opac_new( - { - title => $title, - new => $new, - lang => $lang, - expirationdate => $expirationdate, - timestamp => $timestamp, - number => $number, - branchcode => $branchcode, - } - ); - print $cgi->redirect("/cgi-bin/koha/tools/koha-news.pl"); + if ($title) { + add_opac_new( + { + title => $title, + new => $new, + lang => $lang, + expirationdate => $expirationdate, + timestamp => $timestamp, + number => $number, + branchcode => $branchcode, + } + ); + print $cgi->redirect("/cgi-bin/koha/tools/koha-news.pl"); + } + else { + print $cgi->redirect("/cgi-bin/koha/tools/koha-news.pl?error_message=ERROR:+Required+news+title+missing!"); + } } elsif ( $op eq 'edit' ) { upd_opac_new( -- 2.39.5