Bug 12740 - Data Validation followup

Added server-side validation and feedback to Koha news.

TEST PLAN
---------
1) Log in to staff client as someone who can add news
2) Paste a variation of the ugly following URL into your
   address bar:

https://demo.library-admin.kohasystem.ca/cgi-bin/koha/tools/koha-news.pl?op=add&lang=&branch=&title=&from=&to=&number=&new=

   -- A blank news item is added without warning!
3) Apply patch
4) Repeat step 2
   -- "ERROR: Required news title missing!" is displayed
      and no blank news is added
5) run koha qa test tools

Followed test plan, Error message appears as expected, qa test tool: OK
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/koha-news.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/koha-news.tt
index e1159f8..dda0738 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/koha-news.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/koha-news.tt
@@ -60,6 +60,7 @@ Edit news item[% ELSE %]Add news item[% END %][% ELSE %]News[% END %]</div>
        <div class="yui-b">
 
 [% UNLESS ( add_form ) %]
+    [% IF (error_message) %]<p>[% error_message %]</p>[% END %]
 <div id="toolbar" class="btn-toolbar">
     <a class="btn btn-small" id="newentry" href="/cgi-bin/koha/tools/koha-news.pl?op=add_form&amp;lang=[% lang %]"><i class="icon-plus"></i> New entry</a>
 </div>

diff --git a/tools/koha-news.pl b/tools/koha-news.pl
index a07b3d4..42dd149 100755 (executable)
--- a/tools/koha-news.pl
+++ b/tools/koha-news.pl
@@ -45,6 +45,8 @@ my $timestamp      = format_date_in_iso($cgi->param('timestamp'));
 my $number         = $cgi->param('number');
 my $lang           = $cgi->param('lang');
 my $branchcode     = $cgi->param('branch');
+my $error_message  = $cgi->param('error_message');
+
 # Foreign Key constraints work with NULL, not ''
 # NULL = All branches.
 $branchcode = undef if (defined($branchcode) && $branchcode eq '');
@@ -62,6 +64,9 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
     }
 );
 
+# Pass error message if there is one.
+$template->param( error_message => $error_message ) if $error_message;
+
 # get lang list
 my @lang_list;
 my $tlangs = getTranslatedLanguages() ;
@@ -99,18 +104,23 @@ if ( $op eq 'add_form' ) {
     }
 }
 elsif ( $op eq 'add' ) {
-    add_opac_new(
-        {
-            title          => $title,
-            new            => $new,
-            lang           => $lang,
-            expirationdate => $expirationdate,
-            timestamp      => $timestamp,
-            number         => $number,
-            branchcode     => $branchcode,
-        }
-    );
-    print $cgi->redirect("/cgi-bin/koha/tools/koha-news.pl");
+    if ($title) {
+        add_opac_new(
+            {
+                title          => $title,
+                new            => $new,
+                lang           => $lang,
+                expirationdate => $expirationdate,
+                timestamp      => $timestamp,
+                number         => $number,
+                branchcode     => $branchcode,
+            }
+        );
+        print $cgi->redirect("/cgi-bin/koha/tools/koha-news.pl");
+    }
+    else {
+        print $cgi->redirect("/cgi-bin/koha/tools/koha-news.pl?error_message=ERROR:+Required+news+title+missing!");
+    }
 }
 elsif ( $op eq 'edit' ) {
     upd_opac_new(