[Koha-cvs] CVS: koha/admin itemtypes.pl,1.5,1.6

Paul POULAIN tipaul at users.sourceforge.net
Mon Dec 2 16:55:21 CET 2002


Update of /cvsroot/koha/koha/admin
In directory sc8-pr-cvs1:/tmp/cvs-serv15938/admin

Modified Files:
	itemtypes.pl 
Log Message:
bugfix for bug N°135.

Note: yes, checks are performed only on the client side.
I agree this is not very secure, but it's a rarely modified value and koha 2.0 will need:
* IE5+ or Mozilla/Netscape 6+
* javascript enabled.

Maybe the best solution would be to include in the *.inc files a test that javascript is activated, and refuse access if it's not.

Index: itemtypes.pl
===================================================================
RCS file: /cvsroot/koha/koha/admin/itemtypes.pl,v
retrieving revision 1.5
retrieving revision 1.6
diff -C2 -r1.5 -r1.6
*** itemtypes.pl	5 Oct 2002 10:02:49 -0000	1.5
--- itemtypes.pl	2 Dec 2002 15:55:19 -0000	1.6
***************
*** 74,84 ****
  print $input->header;
  
- #start the page and read in includes
- print startpage();
- print startmenu('admin');
  
  ################## ADD_FORM ##################################
  # called by default. Used to create form to add or  modify a record
  if ($op eq 'add_form') {
  	#---- if primkey exists, it's a modify action, so read values to modify...
  	my $data;
--- 74,84 ----
  print $input->header;
  
  
  ################## ADD_FORM ##################################
  # called by default. Used to create form to add or  modify a record
  if ($op eq 'add_form') {
+ 	#start the page and read in includes
+ 	print startpage();
+ 	print startmenu('admin');
  	#---- if primkey exists, it's a modify action, so read values to modify...
  	my $data;
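Review bot: The `#start the page and read in includes` / `print startpage();` / `print startmenu('admin');` lines are now pasted into four branches (here and in the hunks at new lines 197, 234 and 250), so any branch added later has to remember to repeat them. As far as the hunks show, only add_validate needs to skip them, so a single guarded call before the `if` chain, `unless ($op eq 'add_validate') { print startpage(); print startmenu('admin'); }`, would give the same output from one copy. The add_form branch continues past the end of this hunk.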
***************
*** 134,142 ****
  			_alertString += "- description missing\\n";
  		}
! 		if (!isNum(f.loanlength,0)) {
  			_alertString += "- loan length is not a number\\n";
  		}
! 		if (!isNum(f.rentalcharge,0)) {
! 			_alertString += "- loan length is not a number\\n";
  		}
  		if (_alertString.length==0) {
--- 134,142 ----
  			_alertString += "- description missing\\n";
  		}
! 		if ((!isNum(f.loanlength,0)) && f.loanlength.value.length > 0) {
  			_alertString += "- loan length is not a number\\n";
  		}
! 		if ((!isNum(f.rentalcharge,0)) && f.rentalcharge.value.length > 0) {
! 			_alertString += "- rental charge is not a number\\n";
  		}
  		if (_alertString.length==0) {
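Review bot: Empty `loanlength` and `rentalcharge` values now pass the form check, so add_validate receives empty strings for two fields the form treats as numeric. How the statement executed near line 197 handles them is outside this hunk. Making the stored value explicit on the Perl side, e.g. `my $loanlength = $input->param('loanlength');` followed by `$loanlength = 0 unless $loanlength =~ /\A\d+\z/;` (or rejecting the request instead), would also cover submissions that never ran this script's JavaScript. The parameter name is inferred from the form field `f.loanlength`, and the accepted format for `rentalcharge` should follow whatever `isNum(...,0)` allows, which is not visible here.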
***************
*** 197,208 ****
  	$sth->execute;
  	$sth->finish;
! 	print "data recorded";
! 	print "<form action='$script_name' method=post>";
! 	print "<input type=submit value=OK>";
! 	print "</form>";
  													# END $OP eq ADD_VALIDATE
  ################## DELETE_CONFIRM ##################################
  # called by default form, used to confirm deletion of data in DB
  } elsif ($op eq 'delete_confirm') {
  	my $dbh = C4::Context->dbh;
  	my $sth=$dbh->prepare("select count(*) as total from categoryitem where itemtype='$itemtype'");
--- 197,209 ----
  	$sth->execute;
  	$sth->finish;
! 	print "Content-Type: text/html\n\n<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=itemtypes.pl\"></html>";
! 	exit;
  													# END $OP eq ADD_VALIDATE
  ################## DELETE_CONFIRM ##################################
  # called by default form, used to confirm deletion of data in DB
  } elsif ($op eq 'delete_confirm') {
+ 	#start the page and read in includes
+ 	print startpage();
+ 	print startmenu('admin');
  	my $dbh = C4::Context->dbh;
  	my $sth=$dbh->prepare("select count(*) as total from categoryitem where itemtype='$itemtype'");
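Review bot: The added `print "Content-Type: text/html\n\n<META HTTP-EQUIV=Refresh ...` in add_validate runs after `print $input->header;` at line 74, which appears to be unconditional, so the header block has already been sent. The second `Content-Type:` line therefore lands in the response body as visible text ahead of the META tag. The fragment also closes `</html>` without ever opening it, and hard-codes `itemtypes.pl` where the rest of the file uses `$script_name`. If `$input` is a CGI.pm object, emitting the header per branch and using `print $input->redirect($script_name); exit;` here would give a real HTTP redirect; failing that, drop the `Content-Type: text/html\n\n` prefix. The add_validate branch begins above this hunk.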
***************
*** 233,236 ****
--- 234,240 ----
  # called by delete_confirm, used to effectively confirm deletion of data in DB
  } elsif ($op eq 'delete_confirmed') {
+ 	#start the page and read in includes
+ 	print startpage();
+ 	print startmenu('admin');
  	my $dbh = C4::Context->dbh;
  	my $itemtype=uc($input->param('itemtype'));
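Review bot: `$itemtype` is read from the request here with only `uc()` applied, and the delete_confirm branch just above (new line 209) puts a variable of the same name directly into the SQL text with `where itemtype='$itemtype'`. A quote character in that parameter would change the statement rather than be matched as data. Binding the value avoids this: `$dbh->prepare("select count(*) as total from categoryitem where itemtype=?")` followed by `$sth->execute($itemtype)`. The delete statement of this branch lies outside the hunk; if it is built by interpolation as well, it needs the same placeholder treatment.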
***************
*** 246,257 ****
  ################## DEFAULT ##################################
  } else { # DEFAULT
  	my @inputs=(["text","description",$searchfield],
  		["reset","reset","clr"]);
  	print mkheadr(2,'Item types admin');
  	print mkformnotable("$script_name", at inputs);
- 	print <<printend
- 
- printend
- 	;
  	if  ($searchfield ne '') {
  		print "You Searched for <b>$searchfield<b><p>";
--- 250,260 ----
  ################## DEFAULT ##################################
  } else { # DEFAULT
+ 	#start the page and read in includes
+ 	print startpage();
+ 	print startmenu('admin');
  	my @inputs=(["text","description",$searchfield],
  		["reset","reset","clr"]);
  	print mkheadr(2,'Item types admin');
  	print mkformnotable("$script_name", at inputs);
  	if  ($searchfield ne '') {
  		print "You Searched for <b>$searchfield<b><p>";
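Review bot: `$searchfield` is written into the page unescaped by `print "You Searched for <b>$searchfield<b><p>";`, so any markup in the search value is interpreted by the browser. Where `$searchfield` is assigned is outside the hunk, but it looks like a request parameter. Escaping at output, e.g. `my $shown = CGI::escapeHTML($searchfield);` and printing `$shown` instead, closes that, assuming CGI.pm is the module behind `$input`. The second `<b>` should be `</b>`. The same value is also passed into the inputs list for `mkformnotable`, whose own escaping cannot be judged from here.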




