[Koha-patches] [PATCH] Bugfix 2026 - Comments handling overhauled. Scrubber and Error feedback added.
Joe Atzberger
joe.atzberger at liblime.com
Thu May 22 22:10:22 CEST 2008
Note: we CANNOT rely on window.close in onSubmit or $().submit to close our popups.
On a relatively slow connection with a relatively large POST, commonly the close finishes
*before* the POST completes, as reported with our New Zealand clients. Despite success in
trivial cases, this should be obvious, since the event is necessarily before the submission.
It also assumes success and prevents any kind of error feedback. Other popups are likely
to exhibit this same defective behavior.
Some FIXME's outstanding: need to allow users to delete their own comments,
need to enforce and feedback on max comment length.
---
.../opac-tmpl/prog/en/modules/opac-review.tmpl | 90 +++++++++++++------
opac/opac-review.pl | 48 +++++++---
2 files changed, 94 insertions(+), 44 deletions(-)
diff --git a/koha-tmpl/opac-tmpl/prog/en/modules/opac-review.tmpl b/koha-tmpl/opac-tmpl/prog/en/modules/opac-review.tmpl
index 42ec0d1..b21393d 100644
--- a/koha-tmpl/opac-tmpl/prog/en/modules/opac-review.tmpl
+++ b/koha-tmpl/opac-tmpl/prog/en/modules/opac-review.tmpl
@@ -1,46 +1,78 @@
-<!-- TMPL_INCLUDE name="doc-head-open.inc" --><!-- TMPL_IF NAME="LibraryNameTitle" --><!-- TMPL_VAR NAME="LibraryNameTitle" --><!-- TMPL_ELSE -->Koha Online<!-- /TMPL_IF --> Catalog › Library Home for <!-- TMPL_LOOP name="BORROWER_INFO" --><!-- TMPL_VAR name="firstname" --> <!-- TMPL_VAR name="surname" --><!-- /TMPL_LOOP -->
+<!-- TMPL_INCLUDE name="doc-head-open.inc" --><!-- TMPL_VAR NAME="LibraryNameTitle" DEFAULT="Koha Online" --> Catalog › Comments on <!--TMPL_VAR NAME="title" -->
<!-- TMPL_INCLUDE NAME="doc-head-close.inc" -->
- <style type="text/css">
- #custom-doc { width:37.08em;*width:36.16em;min-width:485px; margin:1em auto; text-align:left; }
- </style>
- </head>
- <body id="comment">
- <div id="custom-doc" class="yui-t7">
-<div class="container">
-<form id="reviewf" action="/cgi-bin/koha/opac-review.pl" method="post">
- <input type="hidden" name="biblionumber" value="<!-- TMPL_VAR NAME="biblionumber" -->" />
- <input type="hidden" name="type" value="<!-- TMPL_VAR NAME="type" -->" />
- <fieldset class="brief">
- <legend>Comments on <i><!--TMPL_VAR NAME="title" --> <!-- TMPL_VAR NAME="subtitle" --></i><!-- TMPL_IF NAME="author" -->by <!-- TMPL_VAR NAME="author" --><!-- /TMPL_IF --></legend>
- <ol><li><textarea id="review" name="review" cols="60" rows="8"><!--TMPL_VAR NAME="review"--></textarea></li></ol>
- </fieldset>
- <p>Note: Your comment must be approved by a librarian. </p>
- <fieldset class="action"> <input type="submit" value="Submit and close this window" /> <a class="cancel close" href="#">Cancel</a></fieldset>
-</form></div>
+<style type="text/css">
+ #custom-doc { width:37.08em;*width:36.16em;min-width:485px; margin:1em auto; text-align:left; }
+</style>
<script type="text/JavaScript" language="JavaScript">
//<![CDATA[
$(document).ready(function() {
- $('#reviewf').submit( function() {
+ var inject_old = function(comment) {
<!-- TMPL_IF NAME="reviewid" -->
+ <!-- TMPL_IF NAME="cgi_debug" -->alert("injecting OLD comment: " +comment);<!-- /TMPL_IF -->
parent.opener.$('#c<!-- TMPL_VAR NAME="reviewid" --> p').prev("small").prev("h5").html("Your Edited Comment (preview, pending approval)");
- parent.opener.$('#c<!-- TMPL_VAR NAME="reviewid" --> p').html($("#review").val().replace(/&/g,'&').replace(/</g,'<').replace(/>/g,'>'));
+ parent.opener.$('#c<!-- TMPL_VAR NAME="reviewid" --> p').html(comment);
parent.opener.$('#c<!-- TMPL_VAR NAME="reviewid" --> p').append(" <a href=\"#comment\" onclick=\"Dopop(\'/cgi-bin/koha/opac-review.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber"-->&reviewid=<!-- TMPL_VAR NAME="reviewid" -->\');\">Edit</a>");
- window.close();
- <!-- TMPL_ELSE -->
+ <!-- /TMPL_IF -->
+ return 1;
+ };
+ var inject_new = function(comment) {
+ <!-- TMPL_IF NAME="cgi_debug" -->alert("injecting NEW comment: " +comment);<!-- /TMPL_IF -->
parent.opener.$('#newcomment').attr("class","yours");
- parent.opener.$('#newcomment').html("<h5>Your Comment (preview, pending approval)</h5>");
- parent.opener.$('#newcomment').append("<p>"+$("#review").val().replace(/&/g,'&').replace(/</g,'<').replace(/>/g,'>'));
- parent.opener.$('#newcomment p').append(" <a href=\"#comment\" onclick=\"Dopop(\'/cgi-bin/koha/opac-review.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber"-->&reviewid=<!-- TMPL_VAR NAME="reviewid" -->\');\">Edit</a></p>");
+ parent.opener.$('#newcomment').html(
+ "<h5>Your Comment (preview, pending approval)</h5>" +
+ "<p>"+comment+"</p>" +
+ "<a href=\"#comment\" onclick=\"Dopop(\'/cgi-bin/koha/opac-review.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber"-->\');\">Edit</a></p>"
+ );
parent.opener.$("#addcomment").prev("p").remove();
parent.opener.$("#addcomment").remove();
- window.close();
+ };
+ <!-- TMPL_IF NAME="clean_review" -->
+ var clean_review = "<!-- TMPL_VAR NAME="clean_review" ESCAPE=JS -->"; // TMPL var must not contain " quotes.
+ <!-- TMPL_IF NAME="reviewid" -->
+ inject_old(clean_review);
+ <!-- TMPL_ELSE -->
+ inject_new(clean_review);
+ <!-- /TMPL_IF -->
+ <!-- /TMPL_IF -->
+ <!-- TMPL_IF NAME="WINDOW_CLOSE" -->
+ <!-- TMPL_IF NAME="ERRORS" -->
+ setTimeout("window.close()",5000); // flash this page, then close. Change warning in template if you change this value.
+ <!-- TMPL_ELSE -->
+ window.close();
<!-- /TMPL_IF -->
- });
+ <!-- /TMPL_IF -->
+ // $('#reviewf').submit(function() {});
});
//]]>
</script>
+</head>
+<body id="comment">
+<div id="custom-doc" class="yui-t7">
+<div class="container">
+<!-- TMPL_IF NAME="ERRORS" -->
+ <div class="error">
+ <!-- TMPL_LOOP NAME="ERRORS" -->
+ <p>
+ <!-- TMPL_IF NAME="scrubbed" -->Note: your comment contained illegal markup code.
+ It has been saved with the markup removed, as below.
+ You can edit the comment further, or cancel to retain the comment as is.
+ <!-- /TMPL_IF -->
+ <!-- TMPL_IF NAME="scrubbed_all" -->Error! Your comment was entirely illegal markup code. It has NOT been added.<!-- /TMPL_IF -->
+ <!-- TMPL_IF NAME="empty" -->Error! You cannot add an empty comment. Please add content or cancel.<!-- /TMPL_IF -->
+ </p>
+ <!-- /TMPL_LOOP -->
+ <!-- TMPL_IF NAME="WINDOW_CLOSE" -->Note: this window will close automatically in 5 seconds<!-- /TMPL_IF -->
+ </div>
+<!-- /TMPL_IF -->
+<form id="reviewf" action="/cgi-bin/koha/opac-review.pl" method="post">
+ <input type="hidden" name="biblionumber" value="<!-- TMPL_VAR NAME="biblionumber" -->" />
+ <fieldset class="brief">
+ <legend>Comments on <i><!--TMPL_VAR NAME="title" --> <!-- TMPL_VAR NAME="subtitle" --></i><!-- TMPL_IF NAME="author" -->by <!-- TMPL_VAR NAME="author" --><!-- /TMPL_IF --></legend>
+ <ol><li><textarea id="review" name="review" cols="60" rows="8"><!--TMPL_VAR NAME="review"--></textarea></li></ol>
+ </fieldset>
+ <p>Note: Your comment must be approved by a librarian. </p>
+ <fieldset class="action"> <input type="submit" value="Submit and close this window" /> <a class="cancel close" href="#">Cancel</a></fieldset>
+</form></div>
</div>
-
</body>
</html>
-
diff --git a/opac/opac-review.pl b/opac/opac-review.pl
index 9f9722e..52f96e7 100755
--- a/opac/opac-review.pl
+++ b/opac/opac-review.pl
@@ -18,20 +18,19 @@
# Suite 330, Boston, MA 02111-1307 USA
use strict;
-require Exporter;
+use warnings;
use CGI;
use C4::Auth;
use C4::Koha;
use C4::Output;
-use C4::Circulation;
use C4::Review;
use C4::Biblio;
+use C4::Scrubber;
+use C4::Debug;
my $query = new CGI;
my $biblionumber = $query->param('biblionumber');
-my $type = $query->param('type');
my $review = $query->param('review');
-my $reviewid = $query->param('reviewid');
my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
{
template_name => "opac-review.tmpl",
@@ -41,22 +40,41 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
}
);
-my $biblio = GetBiblioData( $biblionumber);
+# FIXME: need to allow user to delete their own comment(s)
-my $savedreview = getreview( $biblionumber, $borrowernumber );
-if ( $type eq 'save' ) {
- savereview( $biblionumber, $borrowernumber, $review );
+my $biblio = GetBiblioData($biblionumber);
+my $savedreview = getreview($biblionumber,$borrowernumber);
+my ($clean, @errors);
+if (defined $review) {
+ if ($review !~ /\S/) {
+ push @errors, {empty=>1};
+ } else {
+ $clean = C4::Scrubber->new('comment')->scrub($review);
+ if ($clean !~ /\S/) {
+ push @errors, {scrubbed_all=>1};
+ } else {
+ if ($clean ne $review) {
+ push @errors, {scrubbed=>$clean};
+ my $js_ok_review = $clean;
+ $js_ok_review =~ s/"/"/g; # probably redundant w/ TMPL ESCAPE=JS
+ $template->param(clean_review=>$js_ok_review);
+ }
+ if ($savedreview) {
+ updatereview($biblionumber, $borrowernumber, $clean);
+ } else {
+ savereview($biblionumber, $borrowernumber, $clean);
+ }
+ unless (@errors){ $template->param(WINDOW_CLOSE=>1); }
+ }
+ }
}
-elsif ( $type eq 'update' ) {
- updatereview( $biblionumber, $borrowernumber, $review );
-}
-$type = ($savedreview) ? "update" : "save";
+(@errors ) and $template->param( ERRORS=>\@errors);
+($cgi_debug) and $template->param(cgi_debug=>1 );
$template->param(
'biblionumber' => $biblionumber,
'borrowernumber' => $borrowernumber,
- 'type' => $type,
- 'review' => $savedreview->{'review'},
- 'reviewid' => $reviewid,
+ 'review' => $clean || $savedreview->{'review'},
+ 'reviewid' => $query->param('reviewid') || 0,
'title' => $biblio->{'title'},
);
--
1.5.5.GIT
More information about the Koha-patches
mailing list