[Patches] [PATCH] Bug 7013: enforces required format for authorized values
koha-patchbot at kohaaloha.com
koha-patchbot at kohaaloha.com
Thu Dec 22 22:40:02 NZDT 2011
From: Adrien Saurat <adrien.saurat at biblibre.com>
Date: Thu, 22 Dec 2011 10:34:07 +0100
Subject: [PATCH] Bug 7013: enforces required format for authorized values
---
admin/authorised_values.pl | 99 +++++++++++---------
.../prog/en/modules/admin/authorised_values.tt | 41 +++++++--
2 files changed, 88 insertions(+), 52 deletions(-)
diff --git a/admin/authorised_values.pl b/admin/authorised_values.pl
index d7872d6..a9b6ac2 100755
--- a/admin/authorised_values.pl
+++ b/admin/authorised_values.pl
@@ -102,59 +102,68 @@ if ($op eq 'add_form') {
my $imageurl = $input->param( 'imageurl' ) || '';
$imageurl = '' if $imageurl =~ /removeImage/;
my $duplicate_entry = 0;
+ my $bad_chars = 0;
- if ( $id ) { # Update
- my $sth = $dbh->prepare( "SELECT category, authorised_value FROM authorised_values WHERE id='$id' ");
- $sth->execute();
- my ($category, $authorised_value) = $sth->fetchrow_array();
- if ( $authorised_value ne $new_authorised_value ) {
+ if ( $new_authorised_value =~ /^[a-zA-Z0-9\-_]+$/ ) {
+ if ( $id ) { # Update
+ my $sth = $dbh->prepare( "SELECT category, authorised_value FROM authorised_values WHERE id=? ");
+ $sth->execute($id);
+ my ($category, $authorised_value) = $sth->fetchrow_array();
+ if ( $authorised_value ne $new_authorised_value ) {
+ my $sth = $dbh->prepare_cached( "SELECT COUNT(*) FROM authorised_values " .
+ "WHERE category = ? AND authorised_value = ? and id<>?");
+ $sth->execute($new_category, $new_authorised_value, $id);
+ ($duplicate_entry) = $sth->fetchrow_array();
+ warn "**** duplicate_entry = $duplicate_entry";
+ }
+ unless ( $duplicate_entry ) {
+ my $sth=$dbh->prepare( 'UPDATE authorised_values
+ SET category = ?,
+ authorised_value = ?,
+ lib = ?,
+ lib_opac = ?,
+ imageurl = ?
+ WHERE id=?' );
+ my $lib = $input->param('lib');
+ my $lib_opac = $input->param('lib_opac');
+ undef $lib if ($lib eq ""); # to insert NULL instead of a blank string
+ undef $lib_opac if ($lib_opac eq ""); # to insert NULL instead of a blank string
+ $sth->execute($new_category, $new_authorised_value, $lib, $lib_opac, $imageurl, $id);
+ print "Content-Type: text/html\n\n<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=authorised_values.pl?searchfield=".$new_category."&offset=$offset\"></html>";
+ exit;
+ }
+ }
+ else { # Insert
my $sth = $dbh->prepare_cached( "SELECT COUNT(*) FROM authorised_values " .
- "WHERE category = '$new_category' AND authorised_value = '$new_authorised_value' and id<>$id");
- $sth->execute();
+ "WHERE category = ? AND authorised_value = ? ");
+ $sth->execute($new_category, $new_authorised_value);
($duplicate_entry) = $sth->fetchrow_array();
- warn "**** duplicate_entry = $duplicate_entry";
- }
- unless ( $duplicate_entry ) {
- my $sth=$dbh->prepare( 'UPDATE authorised_values
- SET category = ?,
- authorised_value = ?,
- lib = ?,
- lib_opac = ?,
- imageurl = ?
- WHERE id=?' );
- my $lib = $input->param('lib');
- my $lib_opac = $input->param('lib_opac');
- undef $lib if ($lib eq ""); # to insert NULL instead of a blank string
- undef $lib_opac if ($lib_opac eq ""); # to insert NULL instead of a blank string
- $sth->execute($new_category, $new_authorised_value, $lib, $lib_opac, $imageurl, $id);
- print "Content-Type: text/html\n\n<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=authorised_values.pl?searchfield=".$new_category."&offset=$offset\"></html>";
- exit;
+ unless ( $duplicate_entry ) {
+ my $sth=$dbh->prepare( 'INSERT INTO authorised_values
+ ( id, category, authorised_value, lib, lib_opac, imageurl )
+ values (?, ?, ?, ?, ?, ?)' );
+ my $lib = $input->param('lib');
+ my $lib_opac = $input->param('lib_opac');
+ undef $lib if ($lib eq ""); # to insert NULL instead of a blank string
+ undef $lib_opac if ($lib_opac eq ""); # to insert NULL instead of a blank string
+ $sth->execute($id, $new_category, $new_authorised_value, $lib, $lib_opac, $imageurl );
+ print "Content-Type: text/html\n\n<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=authorised_values.pl?searchfield=".$input->param('category')."&offset=$offset\"></html>";
+ exit;
+ }
}
- }
- else { # Insert
- my $sth = $dbh->prepare_cached( "SELECT COUNT(*) FROM authorised_values " .
- "WHERE category = '$new_category' AND authorised_value = '$new_authorised_value' ");
- $sth->execute();
- ($duplicate_entry) = $sth->fetchrow_array();
- unless ( $duplicate_entry ) {
- my $sth=$dbh->prepare( 'INSERT INTO authorised_values
- ( id, category, authorised_value, lib, lib_opac, imageurl )
- values (?, ?, ?, ?, ?, ?)' );
- my $lib = $input->param('lib');
- my $lib_opac = $input->param('lib_opac');
- undef $lib if ($lib eq ""); # to insert NULL instead of a blank string
- undef $lib_opac if ($lib_opac eq ""); # to insert NULL instead of a blank string
- $sth->execute($id, $new_category, $new_authorised_value, $lib, $lib_opac, $imageurl );
- print "Content-Type: text/html\n\n<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=authorised_values.pl?searchfield=".$input->param('category')."&offset=$offset\"></html>";
- exit;
+ if ( $duplicate_entry ) {
+ $template->param(duplicate_category => $new_category,
+ duplicate_value => $new_authorised_value,
+ else => 1);
+ default_form();
}
}
- if ( $duplicate_entry ) {
- $template->param(duplicate_category => $new_category,
- duplicate_value => $new_authorised_value,
+ else {
+ $template->param(rejected_category => $new_category,
+ rejected_value => $new_authorised_value,
else => 1);
default_form();
- }
+ }
################## DELETE_CONFIRM ##################################
# called by default form, used to confirm deletion of data in DB
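Review bot: The two META refresh redirects in this hunk still interpolate `$new_category`, `$input->param('category')` and `$offset` directly into the HTML response, while the new format check covers only `$new_authorised_value`, so a category containing a quote or angle bracket reaches the page unescaped. Escaping at the point of output would close that, for example `"...searchfield=" . uri_escape_utf8($new_category) . "&offset=..."` with URI::Escape loaded (the import block is outside the hunk), or `print $input->redirect(...)` instead of the hand-built header, assuming `$input` is the CGI object. Separately, `$` in `/^[a-zA-Z0-9\-_]+$/` also matches before a trailing newline, so a value ending in a newline passes the server-side check; `/\A[a-zA-Z0-9_-]+\z/` enforces the stated format exactly. The `warn "**** duplicate_entry = $duplicate_entry";` line looks like leftover debugging output and could be dropped. The enclosing `if ($op eq ...)` branch starts outside the hunk.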
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/authorised_values.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/authorised_values.tt
index 7e71789..8ea55eb 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/authorised_values.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/authorised_values.tt
@@ -18,6 +18,29 @@
<script type="text/JavaScript" language="JavaScript">
//<![CDATA[
+ function CheckAttributeTypeForm(f) {
+ var ok=1;
+ var _alertString="";
+ var alertString2;
+
+ var patt=/^[a-zA-Z0-9\-_]+$/g;
+
+ if (f.authorised_value.value.length==0) {
+ _alertString += "\n- " + _("Authorized value missing");
+ }
+ else if (! patt.test(f.authorised_value.value) ) {
+ _alertString += "\n- " + _("The authorized value can only contain the following characters: letters, numbers, - and _");
+ }
+ if (_alertString.length==0) {
+ document.Aform.submit();
+ } else {
+ alertString2 = _("Form not submitted because of the following problem(s)");
+ alertString2 += "\n------------------------------------------------------------------------------------\n";
+ alertString2 += _alertString;
+ alert(alertString2);
+ }
+ }
+
$(document).ready(function() {
$('#icons > ul').tabs();
});
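Review bot: `CheckAttributeTypeForm` declares `ok` and never uses it, and it submits through `document.Aform.submit()` although the form is already passed in as `f`; `f.submit()` keeps the function independent of the form's name. The `g` flag on `patt` is unnecessary for a single `test()` call and makes the regex stateful through `lastIndex`, so `var patt=/^[a-zA-Z0-9_-]+$/;` is the safer spelling. A short comment such as `// Convenience check only; authorised_values.pl enforces the same pattern on the server.` would make clear to readers that this script is not the actual control.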
@@ -51,6 +74,15 @@
[% IF ( action_add_category ) %]New category[% END %]
</h1>
+ [% IF ( duplicate_category ) %]
+ <div class="dialog alert">Could not add value "[% duplicate_value %]" for category "[% duplicate_category %]" — value already present.
+ </div>
+ [% END %]
+ [% IF ( rejected_category ) %]
+ <div class="dialog alert">Could not add value "[% rejected_value %]" for category "[% rejected_category %]" — the value can only contain the following characters: letters, numbers, - and _
+ </div>
+ [% END %]
+
[% IF ( action_modify ) %]<div class="note"><strong>NOTE:</strong> If you change an authorized value, existing records using it won't be updated.</div>[% END %]
<form action="[% script_name %]" name="Aform" method="post">
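Review bot: `[% rejected_value %]` and `[% rejected_category %]` are printed into the alert without an escaping filter, and the rejected value is by definition input that failed the character check, so any markup in it would be rendered as-is unless the template layer escapes by default (not visible here). Use `[% rejected_value | html %]` and `[% rejected_category | html %]`. The same applies to `duplicate_value` and `duplicate_category` in the block above, since the category is not covered by the new format check.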
@@ -67,8 +99,7 @@
<li>
<label for="authorised_value">Authorized value</label>
[% IF ( action_modify ) %]<input type="hidden" id="id" name="id" value="[% id %]" />[% END %]
- <input type="text" id="authorised_value" name="authorised_value" value="[% authorised_value %]" maxlength="80" />
- </li>
+ <input type="text" id="authorised_value" name="authorised_value" value="[% authorised_value %]" maxlength="80" /> <span class="hint">Allowed characters : letters, numbers, dash and underscore</span></li>
<li>
<label for="lib">Description</label>
<input type="text" name="lib" id="lib" value="[% lib %]" maxlength="80" />
@@ -115,7 +146,7 @@
</fieldset>
<fieldset class="action"> <input type="hidden" name="id" value="[% id %]" />
- <input type="submit" value="Save" /> <a class="cancel" href="/cgi-bin/koha/admin/authorised_values.pl?searchfield=[% category %]">Cancel</a></fieldset>
+ <input type="button" value="Save" onclick="CheckAttributeTypeForm(this.form)" /> <a class="cancel" href="/cgi-bin/koha/admin/authorised_values.pl?searchfield=[% category %]">Cancel</a></fieldset>
</form>
[% END %]
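Review bot: Replacing the submit input with `type="button"` plus `onclick` makes the form unusable when JavaScript is disabled and removes Enter-key submission, because the form no longer has a submit control. Keeping `<input type="submit" value="Save" />` and hooking the check on the form with `onsubmit="return CheckAttributeTypeForm(this);"`, with the function returning true or false instead of calling `submit()`, preserves both. The form tag and the function definition are in other hunks of this file.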
@@ -178,10 +209,6 @@
<h1>Authorized values</h1>
<div class="note"><strong>NOTE:</strong> If you change an authorized value, existing records using it won't be updated.</div>
-[% IF ( duplicate_category ) %]
-<div class="dialog alert">Could not add value "[% duplicate_value %]" for category "[% duplicate_category %]" — value already present.
-</div>
-[% END %]
<form action="/cgi-bin/koha/admin/authorised_values.pl" method="post" id="category"><label for="searchfield">Show Category: </label>[% tab_list %] <input type="submit" value="Submit" /></form>
[% IF ( category == 'Bsort1' ) %]
<p>An authorized value attached to patrons, that can be used for stats purposes</p>
--
1.7.4.1