=cut
my $input = new CGI;
+
+# if OpacTopissue is disabled, leave immediately
+if ( ! C4::Context->preference('OpacTopissue') ) {
+ print $input->redirect("/cgi-bin/koha/errors/404.pl");
+ exit;
+}
+
my $branches = GetBranches();
my $itemtypes = GetItemTypes();
});
my $dbh = C4::Context->dbh;
# Displaying results
-my $limit = $input->param('limit') || 10;
+my $limit = $input->param('limit');
+$limit = 10 unless ($limit && $limit =~ /^\d+$/); # control user input for SQL query
+$limit = 100 if $limit > 100;
my $branch = $input->param('branch') || '';
my $itemtype = $input->param('itemtype') || '';
my $timeLimit = $input->param('timeLimit') || 3;
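Review bot: The digit check added for `limit` is not applied to the other request parameters read just below it; `branch`, `itemtype` and `timeLimit` still come straight from `$input->param`. `timeLimit` is later passed to the template unchanged (`timeLimit => $timeLimit`), and the query text above `GROUP BY` is outside the visible hunks, so whether any of the three is interpolated into the SQL cannot be confirmed from here. A matching guard such as `$timeLimit = 3 unless $timeLimit =~ /\A\d+\z/;` would close that gap. `\A...\z` is also preferable in the new `limit` check, because `$` accepts a trailing newline.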
GROUP BY biblio.biblionumber
HAVING tot >0
ORDER BY tot DESC
- LIMIT $limit
+ LIMIT ?
";
$template->param(ccodesearch => 1);
}else{
GROUP BY biblio.biblionumber
HAVING tot >0
ORDER BY tot DESC
- LIMIT $limit
+ LIMIT ?
";
$template->param(itemtypesearch => 1);
}
my $sth = $dbh->prepare($query);
-$sth->execute();
+$sth->execute($limit);
my @results;
while (my $line= $sth->fetchrow_hashref) {
push @results, $line;
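Review bot: `$sth->execute($limit)` binds a value that is still a string when it came from the request, and a `LIMIT` placeholder is a spot where, depending on the DBD driver and its prepare mode, a string bind may be quoted or rejected. Binding it as an integer makes the intent explicit, e.g. `$sth->bind_param(1, $limit, SQL_INTEGER);` followed by `$sth->execute();` (this needs `use DBI qw(:sql_types);`), or more simply `$sth->execute(int $limit);`. The `while` loop that follows continues outside the hunk.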
$template->param(do_it => 1,
limit => $limit,
- branch => $branches->{$branch}->{branchname} || 'all locations',
- itemtype => $itemtypes->{$itemtype}->{description} || 'item types',
+ branch => $branches->{$branch}->{branchname},
+ itemtype => $itemtypes->{$itemtype}->{description},
timeLimit => $timeLimit,
- timeLimitFinite => $timeLimit,
+ timeLimitFinite => $timeLimitFinite,
results_loop => \@results,
);
-$template->param( branchloop => GetBranchesLoop(C4::Context->userenv->{'branch'}));
+$template->param( branchloop => GetBranchesLoop(C4::Context->userenv?C4::Context->userenv->{'branch'}:''));
# the index parameter is different for item-level itemtypes
my $itype_or_itemtype = (C4::Context->preference("item-level_itypes"))?'itype':'itemtype';
} else {
my $advsearchtypes = GetAuthorisedValues($advanced_search_types, '', 'opac');
for my $thisitemtype (@$advsearchtypes) {
- my $selected = 1 if $thisitemtype->{authorised_value} eq $itemtype;
+ my $selected;
+ $selected = 1 if $thisitemtype->{authorised_value} eq $itemtype;
my %row =( value => $thisitemtype->{authorised_value},
selected => $thisitemtype eq $itemtype,
description => $thisitemtype->{'lib'},
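Review bot: The `$selected` flag set on the added lines is not used by the row built right after it. `selected => $thisitemtype eq $itemtype` compares the hash reference itself with the string, which in practice is never true, so no entry is marked as selected. Using the computed flag, `selected => $selected,`, would make the split declaration meaningful. The `for` loop and the `%row` literal continue outside the hunk.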
$template->param(
itemtypeloop =>\@itemtypesloop,
- dateformat => C4::Context->preference("dateformat"),
);
output_html_with_http_headers $input, $cookie, $template->output;