Bug 19108: Fix Stored XSS in classsources.pl

[koha.git] / koha-tmpl / intranet-tmpl / prog / en / modules / members / paycollect.tt

[% USE Koha %]
[% USE Branches %]
[% INCLUDE 'doc-head-open.inc' %]
<title>Koha &rsaquo; Patrons &rsaquo; Collect fine payment for  [% borrower.firstname %] [% borrower.surname %]</title>
[% INCLUDE 'doc-head-close.inc' %]
<script type= "text/javascript">
//<![CDATA[
$(document).ready(function() {
    $('#payindivfine, #woindivfine, #payfine').preventDoubleFormSubmit();
    $("#paid").on("change",function(){
        moneyFormat( this );
    });
});

function moneyFormat(textObj) {
    var newValue = textObj.value;
    var decAmount = "";
    var dolAmount = "";
    var decFlag   = false;
    var aChar     = "";

    for(i=0; i < newValue.length; i++) {
        aChar = newValue.substring(i, i+1);
        if (aChar >= "0" && aChar <= "9") {
            if(decFlag) {
                decAmount = "" + decAmount + aChar;
            }
            else {
                dolAmount = "" + dolAmount + aChar;
            }
        }
        if (aChar == ".") {
            if (decFlag) {
                dolAmount = "";
                break;
            }
            decFlag = true;
        }
    }

    if (dolAmount == "") {
        dolAmount = "0";
    }
// Strip leading 0s
    if (dolAmount.length > 1) {
        while(dolAmount.length > 1 && dolAmount.substring(0,1) == "0") {
            dolAmount = dolAmount.substring(1,dolAmount.length);
        }
    }
    if (decAmount.length > 2) {
        decAmount = decAmount.substring(0,2);
    }
// Pad right side
    if (decAmount.length == 1) {
       decAmount = decAmount + "0";
    }
    if (decAmount.length == 0) {
       decAmount = decAmount + "00";
    }

    textObj.value = dolAmount + "." + decAmount;
}
//]]>
</script>
</head>
<body id="pat_paycollect" class="pat">
[% INCLUDE 'header.inc' %]
[% INCLUDE 'patron-search.inc' %]
<div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; <a href="/cgi-bin/koha/members/members-home.pl">Patrons</a>  &rsaquo; <a href="/cgi-bin/koha/members/pay.pl?borrowernumber=[% borrower.borrowernumber %]">Pay fines for [% borrower.firstname %] [% borrower.surname %]</a> &rsaquo; [% IF ( pay_individual ) %]Pay an individual fine[% ELSIF ( writeoff_individual ) %]Write off an individual fine[% ELSE %][% IF ( selected_accts ) %]Pay an amount toward selected fines[% ELSE %]Pay an amount toward all fines[% END %][% END %]</div>

<div id="doc3" class="yui-t2">

<div id="bd">
<div id="yui-main">
<div class="yui-b">
[% INCLUDE 'members-toolbar.inc' borrowernumber=borrower.borrowernumber %]


<!-- The manual invoice and credit buttons -->
<div class="statictabs">
<ul>
    <li>
    <a href="/cgi-bin/koha/members/boraccount.pl?borrowernumber=[% borrower.borrowernumber %]">Account</a>
    </li>
    <li class="active">
    <a href="/cgi-bin/koha/members/pay.pl?borrowernumber=[% borrower.borrowernumber %]" >Pay fines</a>
    </li>
    <li>
    <a href="/cgi-bin/koha/members/maninvoice.pl?borrowernumber=[% borrower.borrowernumber %]" >Create manual invoice</a>
    </li>
    <li>
    <a href="/cgi-bin/koha/members/mancredit.pl?borrowernumber=[% borrower.borrowernumber %]" >Create manual credit</a>
    </li>
</ul>
<div class="tabs-container">
[% IF ( error_over ) %]
    <div id="error_message" class="dialog alert">
    You must pay a value less than or equal to [% total_due | format('%.2f') %].
    </div>
[% END %]

[% IF ( pay_individual ) %]
    <form name="payindivfine" id="payindivfine" method="post" action="/cgi-bin/koha/members/paycollect.pl">
    <input type="hidden" name="borrowernumber" id="borrowernumber" value="[% borrower.borrowernumber %]" />
    <input type="hidden" name="pay_individual" id="pay_individual" value="[% pay_individual %]" />
    <input type="hidden" name="itemnumber" id="itemnumber" value="[% itemnumber %]" />
    <input type="hidden" name="description" id="description" value="[% description %]" />
    <input type="hidden" name="accounttype" id="accounttype" value="[% accounttype %]" />
    <input type="hidden" name="notify_id" id="notify_id" value="[% notify_id %]" />
    <input type="hidden" name="notify_level" id="notify_level" value="[% notify_level %]" />
    <input type="hidden" name="amount" id="amount" value="[% amount %]" />
    <input type="hidden" name="amountoutstanding" id="amountoutstanding" value="[% amountoutstanding %]" />
    <input type="hidden" name="accountlines_id" id="accountlines_id" value="[% accountlines_id %]" />
    <input type="hidden" name="title" id="title" value="[% title %]" />

<fieldset class="rows">
    <legend>Pay an individual fine</legend>
    <input type="hidden" name="payment_note" id="payment_note" value="[% payment_note %]" />
    <table>
    <thead><tr>
            <th>Description</th>
            <th>Account type</th>
            <th>Notify id</th>
            <th>Level</th>
            <th>Amount</th>
            <th>Amount outstanding</th>
        </tr></thead>
    <tfoot>
        <td colspan="5">Total amount payable:</td><td>[% amountoutstanding | format('%.2f') %]</td>
    </tfoot>
    <tbody><tr>
            <td>
                [% individual_description %]
            </td>
            <td>[% accounttype %]</td>
            <td>[% notify_id %]</td>
            <td>[% notify_level %]</td>
            <td class="debit">[% amount | format('%.2f') %]</td>
            <td class="debit">[% amountoutstanding | format('%.2f') %]</td>
        </tr></tbody>
</table>

<ol>

    <li>
        <label for="paid">Collect from patron: </label>
            <!-- default to paying all -->
        <input name="paid" id="paid" value="[% amountoutstanding | format('%.2f') %]" />
    </li>
</ol>
</fieldset>

    <div class="action"><input type="submit" name="submitbutton" value="Confirm" />
        <a class="cancel" href="/cgi-bin/koha/members/pay.pl?borrowernumber=[% borrower.borrowernumber %]">Cancel</a></div>
    </form>
[% ELSIF ( writeoff_individual ) %]
    <form name="woindivfine" id="woindivfine" action="/cgi-bin/koha/members/pay.pl" method="post" >
    <fieldset class="rows">
    <legend>Write off an individual fine</legend>
    <input type="hidden" name="borrowernumber" id="borrowernumber" value="[% borrower.borrowernumber %]" />
    <input type="hidden" name="pay_individual" id="pay_individual" value="[% pay_individual %]" />
    <input type="hidden" name="itemnumber" id="itemnumber" value="[% itemnumber %]" />
    <input type="hidden" name="description" id="description" value="[% description %]" />
    <input type="hidden" name="accounttype" id="accounttype" value="[% accounttype %]" />
    <input type="hidden" name="notify_id" id="notify_id" value="[% notify_id %]" />
    <input type="hidden" name="notify_level" id="notify_level" value="[% notify_level %]" />
    <input type="hidden" name="amount" id="amount" value="[% amount %]" />
    <input type="hidden" name="amountoutstanding" id="amountoutstanding" value="[% amountoutstanding %]" />
    <input type="hidden" name="accountlines_id" id="accountlines_id" value="[% accountlines_id %]" />
    <input type="hidden" name="title" id="title" value="[% title %]" />
    <input type="hidden" name="payment_note" id="payment_note" value="[% payment_note %]" />
    <table>
    <thead><tr>
            <th>Description</th>
            <th>Account type</th>
            <th>Notify id</th>
            <th>Level</th>
            <th>Amount</th>
            <th>Amount outstanding</th>
        </tr></thead>
    <tfoot><td colspan="5">Total amount to be written off:</td><td>[% amountoutstanding | format('%.2f') %]</td></tfoot>
    <tbody><tr>
            <td>[% description %] [% title %]</td>
            <td>[% accounttype %]</td>
            <td>[% notify_id %]</td>
            <td>[% notify_level %]</td>
            <td class="debit">[% amount | format('%.2f') %]</td>
            <td class="debit">[% amountoutstanding | format('%.2f') %]</td>
        </tr></tbody>
    </table>
    </fieldset>
    <div class="action"><input type="submit" name="confirm_writeoff" id="confirm_writeoff" value="Write off this charge" />
        <a class="cancel" href="/cgi-bin/koha/members/pay.pl?borrowernumber=[% borrower.borrowernumber %]">Cancel</a></div>
    </form>
[% ELSE %]

    <form name="payfine" id="payfine" method="post" action="/cgi-bin/koha/members/paycollect.pl">
    <input type="hidden" name="borrowernumber" id="borrowernumber" value="[% borrower.borrowernumber %]" />
    <input type="hidden" name="selected_accts" id="selected_accts" value="[% selected_accts %]" />
    <input type="hidden" name="total" id="total" value="[% total %]" />

    <fieldset class="rows">
    [% IF ( selected_accts ) %]<legend>Pay an amount toward selected fines</legend>[% ELSE %]<legend>Pay an amount toward all fines</legend>[% END %]
    <ol>
        <li>
            <span class="label">Total amount outstanding: </span>
            <span class="debit">[% total | format('%.2f') %]</span>
        </li>
    <li>
        <label for="paid">Collect from patron: </label>
        <!-- default to paying all -->
        <input name="paid" id="paid" value="[% total | format('%.2f') %]" />
    </li>
    <li>
        <label for="selected_accts_notes">Note: </label>
        <textarea name="selected_accts_notes" id="selected_accts_notes">[% selected_accts_notes %]</textarea>
    </li>
    </ol>
    </fieldset>
    <div class="action"><input type="submit" name="submitbutton" value="Confirm" />
        <a class="cancel" href="/cgi-bin/koha/members/boraccount.pl?borrowernumber=[% borrower.borrowernumber %]">Cancel</a></div>
    </form>
[% END %]
</div></div>
</div>
</div>

<div class="yui-b">
[% INCLUDE 'circ-menu.inc' %]
</div>
</div>
[% INCLUDE 'intranet-bottom.inc' %]