[Patches] [PATCH] Bug 7013: authorized values now have a required format

koha-patchbot at kohaaloha.com koha-patchbot at kohaaloha.com
Tue Dec 6 02:20:03 NZDT 2011


From: Adrien Saurat <adrien.saurat at biblibre.com>
Date: Mon, 5 Dec 2011 14:11:25 +0100
Subject: [PATCH] Bug 7013: authorized values now have a required format

A new authorized value must contain letters, numbers,
dash and/or underscore. No other char allowed.
---
 admin/authorised_values.pl                         |   97 +++++++++++---------
 .../prog/en/modules/admin/authorised_values.tt     |    7 +-
 2 files changed, 58 insertions(+), 46 deletions(-)

diff --git a/admin/authorised_values.pl b/admin/authorised_values.pl
index d7872d6..b713f08 100755
--- a/admin/authorised_values.pl
+++ b/admin/authorised_values.pl
@@ -102,59 +102,68 @@ if ($op eq 'add_form') {
     my $imageurl     = $input->param( 'imageurl' ) || '';
 	$imageurl = '' if $imageurl =~ /removeImage/;
     my $duplicate_entry = 0;
+    my $bad_chars = 0;
 
-    if ( $id ) { # Update
-        my $sth = $dbh->prepare( "SELECT category, authorised_value FROM authorised_values WHERE id='$id' ");
-        $sth->execute();
-        my ($category, $authorised_value) = $sth->fetchrow_array();
-        if ( $authorised_value ne $new_authorised_value ) {
+    if ( $new_authorised_value =~ /^[a-zA-Z0-9\-_]+$/ ) {
+        if ( $id ) { # Update
+            my $sth = $dbh->prepare( "SELECT category, authorised_value FROM authorised_values WHERE id='$id' ");
+            $sth->execute();
+            my ($category, $authorised_value) = $sth->fetchrow_array();
+            if ( $authorised_value ne $new_authorised_value ) {
+                my $sth = $dbh->prepare_cached( "SELECT COUNT(*) FROM authorised_values " .
+                    "WHERE category = '$new_category' AND authorised_value = '$new_authorised_value' and id<>$id");
+                $sth->execute();
+                ($duplicate_entry) = $sth->fetchrow_array();
+                warn "**** duplicate_entry = $duplicate_entry";
+            }
+            unless ( $duplicate_entry ) {
+                my $sth=$dbh->prepare( 'UPDATE authorised_values
+                                          SET category         = ?,
+                                              authorised_value = ?,
+                                              lib              = ?,
+                                              lib_opac         = ?,
+                                              imageurl         = ?
+                                          WHERE id=?' );
+                my $lib = $input->param('lib');
+                my $lib_opac = $input->param('lib_opac');
+                undef $lib if ($lib eq ""); # to insert NULL instead of a blank string
+                undef $lib_opac if ($lib_opac eq ""); # to insert NULL instead of a blank string
+                $sth->execute($new_category, $new_authorised_value, $lib, $lib_opac, $imageurl, $id);
+                print "Content-Type: text/html\n\n<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=authorised_values.pl?searchfield=".$new_category."&offset=$offset\"></html>";
+                exit;
+            }
+        }
+        else { # Insert
             my $sth = $dbh->prepare_cached( "SELECT COUNT(*) FROM authorised_values " .
-                "WHERE category = '$new_category' AND authorised_value = '$new_authorised_value' and id<>$id");
+                "WHERE category = '$new_category' AND authorised_value = '$new_authorised_value' ");
             $sth->execute();
             ($duplicate_entry) = $sth->fetchrow_array();
-            warn "**** duplicate_entry = $duplicate_entry";
+            unless ( $duplicate_entry ) {
+                my $sth=$dbh->prepare( 'INSERT INTO authorised_values
+                                        ( id, category, authorised_value, lib, lib_opac, imageurl )
+                                        values (?, ?, ?, ?, ?, ?)' );
+                my $lib = $input->param('lib');
+                my $lib_opac = $input->param('lib_opac');
+                undef $lib if ($lib eq ""); # to insert NULL instead of a blank string
+                undef $lib_opac if ($lib_opac eq ""); # to insert NULL instead of a blank string
+                $sth->execute($id, $new_category, $new_authorised_value, $lib, $lib_opac, $imageurl );
+                print "Content-Type: text/html\n\n<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=authorised_values.pl?searchfield=".$input->param('category')."&offset=$offset\"></html>";
+                exit;
+            }
         }
-        unless ( $duplicate_entry ) {
-            my $sth=$dbh->prepare( 'UPDATE authorised_values
-                                      SET category         = ?,
-                                          authorised_value = ?,
-                                          lib              = ?,
-                                          lib_opac         = ?,
-                                          imageurl         = ?
-                                      WHERE id=?' );
-            my $lib = $input->param('lib');
-            my $lib_opac = $input->param('lib_opac');
-            undef $lib if ($lib eq ""); # to insert NULL instead of a blank string
-            undef $lib_opac if ($lib_opac eq ""); # to insert NULL instead of a blank string
-            $sth->execute($new_category, $new_authorised_value, $lib, $lib_opac, $imageurl, $id);          
-            print "Content-Type: text/html\n\n<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=authorised_values.pl?searchfield=".$new_category."&offset=$offset\"></html>";
-            exit;
+        if ( $duplicate_entry ) {
+            $template->param(duplicate_category => $new_category,
+                             duplicate_value =>  $new_authorised_value,
+                             else => 1);
+            default_form();
         }
     }
-    else { # Insert
-        my $sth = $dbh->prepare_cached( "SELECT COUNT(*) FROM authorised_values " .
-            "WHERE category = '$new_category' AND authorised_value = '$new_authorised_value' ");
-        $sth->execute();
-        ($duplicate_entry) = $sth->fetchrow_array();
-        unless ( $duplicate_entry ) {
-            my $sth=$dbh->prepare( 'INSERT INTO authorised_values
-                                    ( id, category, authorised_value, lib, lib_opac, imageurl )
-                                    values (?, ?, ?, ?, ?, ?)' );
-    	    my $lib = $input->param('lib');
-    	    my $lib_opac = $input->param('lib_opac');
-    	    undef $lib if ($lib eq ""); # to insert NULL instead of a blank string
-    	    undef $lib_opac if ($lib_opac eq ""); # to insert NULL instead of a blank string
-    	    $sth->execute($id, $new_category, $new_authorised_value, $lib, $lib_opac, $imageurl );
-    	    print "Content-Type: text/html\n\n<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=authorised_values.pl?searchfield=".$input->param('category')."&offset=$offset\"></html>";
-    	    exit;
-        }
-    }
-    if ( $duplicate_entry ) {       
-        $template->param(duplicate_category => $new_category,
-                         duplicate_value =>  $new_authorised_value,
+    else {
+        $template->param(rejected_category => $new_category,
+                         rejected_value =>  $new_authorised_value,
                          else => 1);
         default_form();
-     }           
+    }
 	
 ################## DELETE_CONFIRM ##################################
 # called by default form, used to confirm deletion of data in DB
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/authorised_values.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/authorised_values.tt
index 7e71789..1d9cfea 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/authorised_values.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/authorised_values.tt
@@ -67,8 +67,7 @@
         <li>
             <label for="authorised_value">Authorized value</label>
      [% IF ( action_modify ) %]<input type="hidden" id="id" name="id" value="[% id %]" />[% END %]
-            <input type="text" id="authorised_value" name="authorised_value" value="[% authorised_value %]" maxlength="80" />
-        </li>
+            <input type="text" id="authorised_value" name="authorised_value" value="[% authorised_value %]" maxlength="80" /> <span class="hint">Allowed characters : letters, numbers, dash and underscore</span></li>
         <li>
             <label for="lib">Description</label>
             <input type="text" name="lib" id="lib" value="[% lib %]" maxlength="80" />
@@ -182,6 +181,10 @@
 <div class="dialog alert">Could not add value "[% duplicate_value %]" for category "[% duplicate_category %]" — value already present.
 </div>
 [% END %]
+[% IF ( rejected_category ) %]
+<div class="dialog alert">Could not add value "[% rejected_value %]" for category "[% rejected_category %]" — the value can only contain the following characters: letters, numbers, - and _
+</div>
+[% END %]
 <form action="/cgi-bin/koha/admin/authorised_values.pl" method="post" id="category"><label for="searchfield">Show Category: </label>[% tab_list %] <input type="submit" value="Submit" /></form>
 [% IF ( category == 'Bsort1' ) %]
     <p>An authorized value attached to patrons, that can be used for stats purposes</p>
-- 
1.7.4.1




More information about the Patches mailing list