X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=opac%2Fopac-topissues.pl;h=cdb572a6439eb1ee903db0672ab7d90a4eb4545f;hb=5d170aa26865ee308f9d44992ea9f8eb9c6e0c19;hp=38c6df0b24382f9f84d92fd1a838dd9225ec63e8;hpb=8101d83af67f696fc12cc1830d9b51fd120ef6a4;p=koha.git

diff --git a/opac/opac-topissues.pl b/opac/opac-topissues.pl
index 38c6df0b24..cdb572a643 100755
--- a/opac/opac-topissues.pl
+++ b/opac/opac-topissues.pl
@@ -40,6 +40,13 @@ plugin that shows a stats on borrowers
 =cut
 
 my $input = new CGI;
+
+# if OpacTopissue is disabled, leave immediately
+if ( ! C4::Context->preference('OpacTopissue') ) {
+    print $input->redirect("/cgi-bin/koha/errors/404.pl");
+    exit;
+}
+
 my $branches = GetBranches();
 my $itemtypes = GetItemTypes();
 
@@ -52,8 +59,14 @@ my ($template, $borrowernumber, $cookie)
 				});
 my $dbh = C4::Context->dbh;
 # Displaying results
-my $limit = $input->param('limit') || 10;
+my $do_it = $input->param('do_it') || 0; # as form been posted
+my $limit = $input->param('limit');
+$limit = 10 unless ($limit && $limit =~ /^\d+$/); # control user input for SQL query
+$limit = 100 if $limit > 100;
 my $branch = $input->param('branch') || '';
+if (!$do_it && C4::Context->userenv && C4::Context->userenv->{'branch'} ) {
+    $branch = C4::Context->userenv->{'branch'}; # select user branch by default
+}
 my $itemtype = $input->param('itemtype') || '';
 my $timeLimit = $input->param('timeLimit') || 3;
 my $advanced_search_types = C4::Context->preference('AdvancedSearchTypes');
@@ -80,7 +93,7 @@ if($advanced_search_types eq 'ccode'){
                     GROUP BY biblio.biblionumber
                     HAVING tot >0
                     ORDER BY tot DESC
-                    LIMIT $limit
+                    LIMIT ?
                     ";
     $template->param(ccodesearch => 1);
 }else{
@@ -105,13 +118,13 @@ if($advanced_search_types eq 'ccode'){
                     GROUP BY biblio.biblionumber
                     HAVING tot >0
                     ORDER BY tot DESC
-                    LIMIT $limit
+                    LIMIT ?
                     ";
      $template->param(itemtypesearch => 1);
 }
 
 my $sth = $dbh->prepare($query);
-$sth->execute();
+$sth->execute($limit);
 my @results;
 while (my $line= $sth->fetchrow_hashref) {
     push @results, $line;
@@ -129,7 +142,7 @@ $template->param(do_it => 1,
                 results_loop => \@results,
                 );
 
-$template->param( branchloop => GetBranchesLoop(C4::Context->userenv?C4::Context->userenv->{'branch'}:''));
+$template->param( branchloop => GetBranchesLoop($branch));
 
 # the index parameter is different for item-level itemtypes
 my $itype_or_itemtype = (C4::Context->preference("item-level_itypes"))?'itype':'itemtype';