Bug 19112 - Stored XSS in basketheader.pl page
[koha.git] / members / notices.pl
index 6861825..9f0ab11 100755 (executable)
@@ -25,17 +25,20 @@ use C4::Auth;
 use C4::Output;
 use CGI qw ( -utf8 );
 use C4::Members;
-use C4::Branch;
 use C4::Letters;
 use C4::Members::Attributes qw(GetBorrowerAttributes);
+use Koha::Patrons;
 
-use C4::Dates qw/format_date/;
 my $input=new CGI;
 
 
 my $borrowernumber = $input->param('borrowernumber');
-#get borrower details
-my $borrower = GetMember(borrowernumber => $borrowernumber);
+my $patron = Koha::Patrons->find( $borrowernumber );
+unless ( $patron ) {
+    print $input->redirect("/cgi-bin/koha/circ/circulation.pl?borrowernumber=$borrowernumber");
+    exit;
+}
+my $borrower = $patron->unblessed;
 
 my ($template, $loggedinuser, $cookie)
 = get_template_and_user({template_name => "members/notices.tt",
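Review bot: The redirect added in the `unless ( $patron )` branch interpolates `$borrowernumber`, taken straight from the query string, into the Location URL without validating or encoding it, so whatever the caller supplied is echoed into the target query string unchanged. The same pattern recurs in the `resend_notice` redirect of the next hunk. Since a borrowernumber is an integer, the cheapest fix is to constrain the value once after reading it, e.g. `$borrowernumber = ( defined $borrowernumber && $borrowernumber =~ m{\A\d+\z}a ) ? $borrowernumber : '';`, before the `Koha::Patrons->find` call; otherwise URI-escape it at each interpolation. CGI.pm's header builder is believed to reject embedded newlines, so this is about the URL contents rather than header injection — worth confirming against the CGI version Koha pins.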
@@ -47,12 +50,22 @@ my ($template, $loggedinuser, $cookie)
                                });
 
 $template->param( $borrower );
-my ($picture, $dberror) = GetPatronImage($borrower->{'borrowernumber'});
-$template->param( picture => 1 ) if $picture;
+$template->param( picture => 1 ) if $patron->image;
+
+# Allow resending of messages in Notices tab
+my $op = $input->param('op') || q{};
+if ( $op eq 'resend_notice' ) {
+    my $message_id = $input->param('message_id');
+    my $message = C4::Letters::GetMessage( $message_id );
+    if ( $message->{borrowernumber} = $borrowernumber ) {
+        C4::Letters::ResendMessage( $message_id );
+        # redirect to self to avoid form submission on refresh
+        print $input->redirect("/cgi-bin/koha/members/notices.pl?borrowernumber=$borrowernumber");
+    }
+}
 
 # Getting the messages
 my $queued_messages = C4::Letters::GetQueuedMessages({borrowernumber => $borrowernumber});
-$template->param( %{$borrower} );
 
 if (C4::Context->preference('ExtendedPatronAttributes')) {
     my $attributes = GetBorrowerAttributes($borrowernumber);
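Review bot: The ownership check in the new `resend_notice` block uses assignment rather than comparison — `if ( $message->{borrowernumber} = $borrowernumber )` — so the condition is true whenever `$borrowernumber` is non-zero and any `message_id` can be resent from any patron's notices page regardless of who the message belongs to. It should read `if ( $message && $message->{borrowernumber} == $borrowernumber ) {`, with the `$message` guard covering `C4::Letters::GetMessage` returning nothing for an unknown id. The redirect that follows is also not followed by `exit;`, unlike the one in the earlier patron-lookup hunk, so the script goes on to render the full page after emitting the redirect header; add `exit;` immediately after the `print $input->redirect(...)` line.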
@@ -62,19 +75,14 @@ if (C4::Context->preference('ExtendedPatronAttributes')) {
     );
 }
 
-# Computes full borrower address
-my $roadtype = C4::Koha::GetAuthorisedValueByCode( 'ROADTYPE', $borrower->{'streettype'} );
-my $address = $borrower->{'streetnumber'} . " $roadtype " . $borrower->{'address'};
-
+$template->param(%$borrower);
+$template->param( adultborrower => 1 ) if ( $borrower->{category_type} eq 'A' || $borrower->{category_type} eq 'I' );
 $template->param(
-                       QUEUED_MESSAGES         => $queued_messages,
-                       borrowernumber          => $borrowernumber,
-                       sentnotices             => 1,
-                        branchname              => GetBranchName($borrower->{'branchcode'}),
-                        categoryname            => $borrower->{'description'},
-                        address                 => $address,
-                       activeBorrowerRelationship => (C4::Context->preference('borrowerRelationship') ne ''),
-            RoutingSerials => C4::Context->preference('RoutingSerials'),
+    QUEUED_MESSAGES    => $queued_messages,
+    borrowernumber     => $borrowernumber,
+    sentnotices        => 1,
+    categoryname       => $patron->category->description,
+    RoutingSerials => C4::Context->preference('RoutingSerials'),
 );
 output_html_with_http_headers $input, $cookie, $template->output;