Bug 19103: Fix Stored XSS in patron-attr-types.pl

[koha.git] / koha-tmpl / intranet-tmpl / prog / en / modules / tools / batchMod-edit.tt

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/batchMod-edit.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/batchMod-edit.tt
index 1632513..c25dfe4 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/batchMod-edit.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/batchMod-edit.tt
@@ -22,17 +22,18 @@ $(document).ready(function(){
   $("input[name='disable_input']").click(function() {
       var row = $(this).attr("id");
       row = row.replace("row","hint");
-      var subfield = $(this).next();
-      if ($(this).is(":checked")){
-          $(this).val($(this).siblings("[name='subfield']").val());
-          $(subfield).prop('disabled', true);
+      var editor = $(this).parent().find("[name='field_value']");
+      if ($(this).is(":checked")) {
+          $(editor).prop('disabled', true);
           $("#"+row).html(_("This subfield will be deleted"));
       } else {
-          $(subfield).prop('disabled', false);
+          $(editor).prop('disabled', false);
           $("#"+row).html("");
       }
   });
-
+    $("#mainformsubmit").on("click",function(){
+        return submitBackgroundJob(this.form);
+    });
 });
 //]]>
 </script>
@@ -41,6 +42,14 @@ $(document).ready(function(){
 <![endif]-->
 <style type="text/css">input[type=checkbox]{ margin : 0 .5em; }</style>
 <link type="text/css" rel="stylesheet" href="[% interface %]/[% theme %]/css/addbiblio.css" />
+
+[% INCLUDE 'select2.inc' %]
+<script type="text/javascript">
+  $(document).ready(function() {
+    $('.subfield_line select').select2();
+  });
+</script>
+
 </head>
 <body id="tools_batchMod-edit" class="tools">
 [% INCLUDE 'header.inc' %]
@@ -60,7 +69,11 @@ $(document).ready(function(){
             [% ELSE %]
               <h1>Batch item modification results</h1>
               <div class="dialog message">
-              [% modified_items %] item(s) modified (with [% modified_fields %] fields modified).
+                [% IF (modified_items) %]
+                  [% modified_items %] item(s) modified (with [% modified_fields %] field(s) modified).
+                [% ELSE %]
+                  No items modified.
+                [% END %]
               <fieldset class="action">
                   [% IF src == 'CATALOGUING' # from catalogue/detail.pl > Edit items in a batch%]
                       <a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=[% biblionumber %]">Return to the record</a>
@@ -85,7 +98,7 @@ $(document).ready(function(){
     </thead>
     <tbody>
         [% FOREACH notfoundbarcode IN notfoundbarcodes %]
-      <tr><td>[% notfoundbarcode.barcode %]</td></td>
+      <tr><td>[% notfoundbarcode.barcode |html %]</td></td>
         [% END %]
     </tbody>
       </table>
@@ -177,67 +190,73 @@ $(document).ready(function(){
   <fieldset class="rows">
   <ol>
         [% FOREACH ite IN item %]
-               <li><div class="subfield_line" style="[% ite.visibility %]" id="subfield[% ite.tag %][% ite.subfield %][% ite.random %]">
+          <li>
+            <div class="subfield_line" style="[% ite.visibility %]" id="subfield[% ite.tag %][% ite.subfield %][% ite.random %]">
+              [% SET mv = ite.marc_value %]
               [% IF ( ite.mandatory ) %]
-              <label class="required" for="tag_[% ite.tag %]_subfield_[% ite.subfield %]_[% ite.random %]">
+                <label class="required" for="[%- mv.id -%]">
               [% ELSE %]
-              <label for="tag_[% ite.tag %]_subfield_[% ite.subfield %]_[% ite.random %]">
+                <label for="[%- mv.id -%]">
               [% END %]
-              [% ite.subfield %] -
-          [% ite.marc_lib %]
-         </label>
-                [% UNLESS ( ite.mandatory ) %]<input type="checkbox" id="row[% ite.tag %][% ite.subfield %][% ite.random %]" title="Check to delete subfield [% ite.subfield %]" name="disable_input" value="[% ite.subfield %]" />[% ELSE %]<span class="required">Required</span>[% END %]
+                [% ite.subfield %] - [% ite.marc_lib %]
+              </label>
 
-                [% SET mv = ite.marc_value %]
-                [% IF    ( mv.type == 'select' ) -%]
-                    <select name="[%- mv.name -%]" id="[%- mv.id -%]" size="1" tabindex="1" class="input_marceditor">
-                    [%- FOREACH aval IN mv.values %]
+              [% IF ( mv.type == 'select' ) -%]
+                <select name="[%- mv.name -%]" id="[%- mv.id -%]" size="1" tabindex="1" class="input_marceditor">
+                  [%- FOREACH aval IN mv.values %]
                     [% IF aval == mv.default %]
-                        <option value="[%- aval -%]" selected="selected">[%- mv.labels.$aval -%]</option>
+                      <option value="[%- aval -%]" selected="selected">[%- mv.labels.$aval -%]</option>
                     [% ELSE %]
-                        <option value="[%- aval -%]">[%- mv.labels.$aval -%]</option>
+                      <option value="[%- aval -%]">[%- mv.labels.$aval -%]</option>
                     [% END %]
-                    [%- END -%]
-                    </select>
-                [% ELSIF ( mv.type == 'text1' ) %]
-                    <input type="text" tabindex="1" id="[%- mv.id -%]" name="field_value" class="input_marceditor" size="50" maxlength="255" value="[%- mv.value -%]" />
-                    <a href="#" class="buttonDot" onclick="Dopop('/cgi-bin/koha/authorities/auth_finder.pl?authtypecode=[%- mv.authtypecode -%]&index=[%- mv.id -%]','[%- mv.id -%]'); return false;" title="Tag editor">...</a>
-                [% ELSIF ( mv.type == 'text2' ) %]
-                    <input type="text" id="[%- mv.id -%]" name="field_value" class="input_marceditor" size="50" maxlength="255" value="[%- mv.value -%]" />
-                    [% IF mv.noclick %]
-                        <a href="#" class="buttonDot disabled" title="No popup">...</a>
-                    [% ELSE %]
-                        <a href="#" id="buttonDot_[% mv.id %]" class="buttonDot" title="Tag editor">...</a>
-                    [% END %]
-                    [% mv.javascript %]
-                [% ELSIF ( mv.type == 'text' ) %]
-                    <input type="text" tabindex="1" id="[%- mv.id -%]" name="field_value" class="input_marceditor" size="50" maxlength="255" value="[%- mv.value -%]" />
-                [% ELSIF ( mv.type == 'hidden' ) %]
-                    <input type="hidden" tabindex="1" id="[%- mv.id -%]" name="field_value" class="input_marceditor" size="50" maxlength="255" value="[%- mv.value -%]" />
-                [% ELSIF ( mv.type == 'textarea' ) %]
-                    <textarea tabindex="1" id="[%- mv.id -%]" name="field_value" class="input_marceditor" size="50" maxlength="255">[%- mv.value -%]"</textarea>
-                [%- END -%]
-
-                <input type="hidden" name="tag"       value="[% ite.tag %]" />
-                <input type="hidden" name="subfield"       value="[% ite.subfield %]" />
-                <input type="hidden" name="mandatory"       value="[% ite.mandatory %]" />
-                [% IF ( ite.repeatable ) %]
-                    <a href="#" class="buttonPlus" onclick="CloneItemSubfield(this.parentNode); return false;">
-                        <img src="[% interface %]/[% theme %]/img/clone-subfield.png" alt="Clone" title="Clone this subfield" />
-                    </a>
+                  [%- END -%]
+                </select>
+              [% ELSIF ( mv.type == 'text1' ) %]
+                <input type="text" tabindex="1" id="[%- mv.id -%]" name="field_value" class="input_marceditor" size="50" maxlength="255" value="[%- mv.value -%]" />
+                <a href="#" class="buttonDot" onclick="Dopop('/cgi-bin/koha/authorities/auth_finder.pl?authtypecode=[%- mv.authtypecode -%]&index=[%- mv.id -%]','[%- mv.id -%]'); return false;" title="Tag editor">...</a>
+              [% ELSIF ( mv.type == 'text2' ) %]
+                <input type="text" id="[%- mv.id -%]" name="field_value" class="input_marceditor" size="50" maxlength="255" value="[%- mv.value -%]" />
+                [% IF mv.noclick %]
+                  <a href="#" class="buttonDot disabled" title="No popup">...</a>
+                [% ELSE %]
+                  <a href="#" id="buttonDot_[% mv.id %]" class="buttonDot" title="Tag editor">...</a>
                 [% END %]
-                <span class="hint" id="hint[% ite.tag %][% ite.subfield %][% ite.random %]"></span>
-            </div></li>
+                [% mv.javascript %]
+              [% ELSIF ( mv.type == 'text' ) %]
+                <input type="text" tabindex="1" id="[%- mv.id -%]" name="field_value" class="input_marceditor" size="50" maxlength="255" value="[%- mv.value -%]" />
+              [% ELSIF ( mv.type == 'hidden' ) %]
+                <input type="hidden" tabindex="1" id="[%- mv.id -%]" name="field_value" class="input_marceditor" size="50" maxlength="255" value="[%- mv.value -%]" />
+              [% ELSIF ( mv.type == 'textarea' ) %]
+                <textarea tabindex="1" id="[%- mv.id -%]" name="field_value" class="input_marceditor" size="50" maxlength="255">[%- mv.value -%]"</textarea>
+              [%- END -%]
+
+              [% UNLESS ( ite.mandatory ) %]
+                <input type="checkbox" id="row[% ite.tag %][% ite.subfield %][% ite.random %]" title="Check to delete subfield [% ite.subfield %]" name="disable_input" value="[% ite.subfield %]" />
+              [% ELSE %]
+                <span class="required">Required</span>
+              [% END %]
+
+              <input type="hidden" name="tag"       value="[% ite.tag %]" />
+              <input type="hidden" name="subfield"       value="[% ite.subfield %]" />
+              <input type="hidden" name="mandatory"       value="[% ite.mandatory %]" />
+              [% IF ( ite.repeatable ) %]
+                <a href="#" class="buttonPlus" onclick="CloneItemSubfield(this.parentNode); return false;">
+                  <img src="[% interface %]/[% theme %]/img/clone-subfield.png" alt="Clone" title="Clone this subfield" />
+                </a>
+              [% END %]
+              <span class="hint" id="hint[% ite.tag %][% ite.subfield %][% ite.random %]"></span>
+            </div>
+          </li>
         [% END %]
     </ol>
     </fieldset>
     <fieldset class="action">    
    <div id="jobpanel">
-       <div id="jobstatus">Job progress: <div id="jobprogress"></div> <span id="jobprogresspercent">0</span>%</div>
+       <div id="jobstatus" class="progress_panel">Job progress: <div id="jobprogress"></div> <span id="jobprogresspercent">0</span>%</div>
        <div id="jobfailed"></div>
    </div>
-   <input type="submit" name="mainformsubmit" value="Save" onclick="return submitBackgroundJob(this.form);" />
-         <a href="/cgi-bin/koha/tools/batchMod.pl" class="cancel" onclick="history.back();return false;">Cancel</a>
+   <input type="submit" id="mainformsubmit" value="Save" />
+         <a href="/cgi-bin/koha/tools/batchMod.pl" class="cancel">Cancel</a>
     </fieldset>
 </div>
 [% ELSE %]
@@ -246,11 +265,11 @@ $(document).ready(function(){
 [% ELSE %] <!-- // show -->
 <fieldset class="action">
 [% IF src == 'CATALOGUING' # from catalogue/detail.pl > Edit items in a batch%]
-   <a class="btn" href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=[% biblionumber %]"><i class="fa fa-check-square-o"></i> Return to the record</a>
+   <a class="btn btn-default" href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=[% biblionumber %]"><i class="fa fa-check-square-o"></i> Return to the record</a>
 [% ELSIF src %]
-   <a class="btn" href="[% src %]"><i class="fa fa-check-square-o"></i> Return to where you were</a>
+   <a class="btn btn-default" href="[% src %]"><i class="fa fa-check-square-o"></i> Return to where you were</a>
 [% ELSE %]
-   <a class="btn" href="/cgi-bin/koha/tools/batchMod.pl"><i class="fa fa-check-square-o"></i> Return to batch item modification</a>
+   <a class="btn btn-default" href="/cgi-bin/koha/tools/batchMod.pl"><i class="fa fa-check-square-o"></i> Return to batch item modification</a>
 [% END %]
 </fieldset>