[Koha-patches] [PATCH] Bug 7013: required format for authorized values

Adrien Saurat adrien.saurat at biblibre.com
Mon Dec 5 10:40:14 CET 2011


When an authorized value contains special characters
such as spaces, some problems arise in other pages.
This patch sets up a new check for any new
authorized value. The value can only contain
letters, numbers, dash "-" and underscore "_".
---
 admin/authorised_values.pl                         |   97 +++++++++++---------
 .../prog/en/modules/admin/authorised_values.tt     |    7 +-
 2 files changed, 58 insertions(+), 46 deletions(-)

diff --git a/admin/authorised_values.pl b/admin/authorised_values.pl
index d7872d6..26e792e 100755
--- a/admin/authorised_values.pl
+++ b/admin/authorised_values.pl
@@ -102,59 +102,68 @@ if ($op eq 'add_form') {
     my $imageurl     = $input->param( 'imageurl' ) || '';
 	$imageurl = '' if $imageurl =~ /removeImage/;
     my $duplicate_entry = 0;
+    my $bad_chars = 0;
 
-    if ( $id ) { # Update
-        my $sth = $dbh->prepare( "SELECT category, authorised_value FROM authorised_values WHERE id='$id' ");
-        $sth->execute();
-        my ($category, $authorised_value) = $sth->fetchrow_array();
-        if ( $authorised_value ne $new_authorised_value ) {
+    if ( $new_authorised_value =~ /^[a-zA-Z0-9\-_]+$/ ) {
+        if ( $id ) { # Update
+            my $sth = $dbh->prepare( "SELECT category, authorised_value FROM authorised_values WHERE id='$id' ");
+            $sth->execute();
+            my ($category, $authorised_value) = $sth->fetchrow_array();
+            if ( $authorised_value ne $new_authorised_value ) {
+                my $sth = $dbh->prepare_cached( "SELECT COUNT(*) FROM authorised_values " .
+                    "WHERE category = '$new_category' AND authorised_value = '$new_authorised_value' and id<>$id");
+                $sth->execute();
+                ($duplicate_entry) = $sth->fetchrow_array();
+                warn "**** duplicate_entry = $duplicate_entry";
+            }
+            unless ( $duplicate_entry ) {
+                my $sth=$dbh->prepare( 'UPDATE authorised_values
+                                          SET category         = ?,
+                                              authorised_value = ?,
+                                              lib              = ?,
+                                              lib_opac         = ?,
+                                              imageurl         = ?
+                                          WHERE id=?' );
+                my $lib = $input->param('lib');
+                my $lib_opac = $input->param('lib_opac');
+                undef $lib if ($lib eq ""); # to insert NULL instead of a blank string
+                undef $lib_opac if ($lib_opac eq ""); # to insert NULL instead of a blank string
+                $sth->execute($new_category, $new_authorised_value, $lib, $lib_opac, $imageurl, $id);          
+                print "Content-Type: text/html\n\n<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=authorised_values.pl?searchfield=".$new_category."&offset=$offset\"></html>";
+                exit;
+            }
+        }
+        else { # Insert
             my $sth = $dbh->prepare_cached( "SELECT COUNT(*) FROM authorised_values " .
-                "WHERE category = '$new_category' AND authorised_value = '$new_authorised_value' and id<>$id");
+                "WHERE category = '$new_category' AND authorised_value = '$new_authorised_value' ");
             $sth->execute();
             ($duplicate_entry) = $sth->fetchrow_array();
-            warn "**** duplicate_entry = $duplicate_entry";
+            unless ( $duplicate_entry ) {
+                my $sth=$dbh->prepare( 'INSERT INTO authorised_values
+                                        ( id, category, authorised_value, lib, lib_opac, imageurl )
+                                        values (?, ?, ?, ?, ?, ?)' );
+                my $lib = $input->param('lib');
+                my $lib_opac = $input->param('lib_opac');
+                undef $lib if ($lib eq ""); # to insert NULL instead of a blank string
+                undef $lib_opac if ($lib_opac eq ""); # to insert NULL instead of a blank string
+                $sth->execute($id, $new_category, $new_authorised_value, $lib, $lib_opac, $imageurl );
+                print "Content-Type: text/html\n\n<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=authorised_values.pl?searchfield=".$input->param('category')."&offset=$offset\"></html>";
+                exit;
+            }
         }
-        unless ( $duplicate_entry ) {
-            my $sth=$dbh->prepare( 'UPDATE authorised_values
-                                      SET category         = ?,
-                                          authorised_value = ?,
-                                          lib              = ?,
-                                          lib_opac         = ?,
-                                          imageurl         = ?
-                                      WHERE id=?' );
-            my $lib = $input->param('lib');
-            my $lib_opac = $input->param('lib_opac');
-            undef $lib if ($lib eq ""); # to insert NULL instead of a blank string
-            undef $lib_opac if ($lib_opac eq ""); # to insert NULL instead of a blank string
-            $sth->execute($new_category, $new_authorised_value, $lib, $lib_opac, $imageurl, $id);          
-            print "Content-Type: text/html\n\n<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=authorised_values.pl?searchfield=".$new_category."&offset=$offset\"></html>";
-            exit;
+        if ( $duplicate_entry ) {       
+            $template->param(duplicate_category => $new_category,
+                             duplicate_value =>  $new_authorised_value,
+                             else => 1);
+            default_form();
         }
     }
-    else { # Insert
-        my $sth = $dbh->prepare_cached( "SELECT COUNT(*) FROM authorised_values " .
-            "WHERE category = '$new_category' AND authorised_value = '$new_authorised_value' ");
-        $sth->execute();
-        ($duplicate_entry) = $sth->fetchrow_array();
-        unless ( $duplicate_entry ) {
-            my $sth=$dbh->prepare( 'INSERT INTO authorised_values
-                                    ( id, category, authorised_value, lib, lib_opac, imageurl )
-                                    values (?, ?, ?, ?, ?, ?)' );
-    	    my $lib = $input->param('lib');
-    	    my $lib_opac = $input->param('lib_opac');
-    	    undef $lib if ($lib eq ""); # to insert NULL instead of a blank string
-    	    undef $lib_opac if ($lib_opac eq ""); # to insert NULL instead of a blank string
-    	    $sth->execute($id, $new_category, $new_authorised_value, $lib, $lib_opac, $imageurl );
-    	    print "Content-Type: text/html\n\n<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=authorised_values.pl?searchfield=".$input->param('category')."&offset=$offset\"></html>";
-    	    exit;
-        }
-    }
-    if ( $duplicate_entry ) {       
-        $template->param(duplicate_category => $new_category,
-                         duplicate_value =>  $new_authorised_value,
+    else {
+        $template->param(rejected_category => $new_category,
+                         rejected_value =>  $new_authorised_value,
                          else => 1);
         default_form();
-     }           
+    }
 	
 ################## DELETE_CONFIRM ##################################
 # called by default form, used to confirm deletion of data in DB
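Review bot: The duplicate-check SELECTs on the new side still interpolate `$id` and `$new_category` into the SQL text (`WHERE id='$id'`, `category = '$new_category' ... and id<>$id`), and the added character check covers only `$new_authorised_value`. Presumably these are read from the request, like `$imageurl` on the first context line, so they should be bound with placeholders as the UPDATE and INSERT statements already are. The check is anchored with `^` and `$`, and `$` also matches before a trailing newline, so a value ending in a newline is accepted; `\A` and `\z` close that gap. Separately, `my $bad_chars = 0;` is never used in the hunk and the `warn "**** duplicate_entry ..."` debug line is carried into the new code. The enclosing branch starts above the hunk.

```perl
    if ( $new_authorised_value =~ /\A[a-zA-Z0-9\-_]+\z/ ) {
        if ( $id ) { # Update
            my $sth = $dbh->prepare( "SELECT category, authorised_value FROM authorised_values WHERE id = ?" );
            $sth->execute($id);
            # … unchanged: fetch of the current row and comparison with the new value …
                my $sth = $dbh->prepare_cached( "SELECT COUNT(*) FROM authorised_values " .
                    "WHERE category = ? AND authorised_value = ? AND id <> ?" );
                $sth->execute($new_category, $new_authorised_value, $id);
            # … unchanged: UPDATE with placeholders and redirect …
        }
        else { # Insert
            my $sth = $dbh->prepare_cached( "SELECT COUNT(*) FROM authorised_values " .
                "WHERE category = ? AND authorised_value = ?" );
            $sth->execute($new_category, $new_authorised_value);
            # … unchanged: INSERT with placeholders and redirect …
        }
```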
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/authorised_values.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/authorised_values.tt
index 7e71789..1d9cfea 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/authorised_values.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/authorised_values.tt
@@ -67,8 +67,7 @@
         <li>
             <label for="authorised_value">Authorized value</label>
      [% IF ( action_modify ) %]<input type="hidden" id="id" name="id" value="[% id %]" />[% END %]
-            <input type="text" id="authorised_value" name="authorised_value" value="[% authorised_value %]" maxlength="80" />
-        </li>
+            <input type="text" id="authorised_value" name="authorised_value" value="[% authorised_value %]" maxlength="80" /> <span class="hint">Allowed characters : letters, numbers, dash and underscore</span></li>
         <li>
             <label for="lib">Description</label>
             <input type="text" name="lib" id="lib" value="[% lib %]" maxlength="80" />
@@ -182,6 +181,10 @@
 <div class="dialog alert">Could not add value &quot;[% duplicate_value %]&quot; for category &quot;[% duplicate_category %]&quot; &mdash; value already present.
 </div>
 [% END %]
+[% IF ( rejected_category ) %]
+<div class="dialog alert">Could not add value &quot;[% rejected_value %]&quot; for category &quot;[% rejected_category %]&quot; &mdash; the value can only contain the following characters: letters, numbers, - and _
+</div>
+[% END %]
 <form action="/cgi-bin/koha/admin/authorised_values.pl" method="post" id="category"><label for="searchfield">Show Category: </label>[% tab_list %] <input type="submit" value="Submit" /></form>
 [% IF ( category == 'Bsort1' ) %]
     <p>An authorized value attached to patrons, that can be used for stats purposes</p>
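Review bot: The new alert prints `[% rejected_value %]` and `[% rejected_category %]` straight into the page, and `rejected_value` is by construction the input that failed the character check, so it can carry markup. Unless the template layer escapes output by default (not visible here), both should go through the html filter: `&quot;[% rejected_value | html %]&quot;` and `&quot;[% rejected_category | html %]&quot;`. The duplicate-value alert on the context line above uses the same unfiltered pattern.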
-- 
1.7.4.1


