-<!-- TMPL_INCLUDE name="doc-head-open.inc" --><!-- TMPL_IF NAME="LibraryNameTitle" --><!-- TMPL_VAR NAME="LibraryNameTitle" --><!-- TMPL_ELSE -->Koha Online<!-- /TMPL_IF --> Catalog › Library Home for <!-- TMPL_LOOP name="BORROWER_INFO" --><!-- TMPL_VAR name="firstname" --> <!-- TMPL_VAR name="surname" --><!-- /TMPL_LOOP -->
+<!-- TMPL_INCLUDE name="doc-head-open.inc" --><!-- TMPL_VAR NAME="LibraryNameTitle" DEFAULT="Koha Online" --> Catalog › Comments on <!--TMPL_VAR NAME="title" -->
<!-- TMPL_INCLUDE NAME="doc-head-close.inc" -->
- <style type="text/css">
- #custom-doc { width:37.08em;*width:36.16em;min-width:485px; margin:1em auto; text-align:left; }
- </style>
- </head>
- <body id="comment">
- <div id="custom-doc" class="yui-t7">
-<div class="container">
-<form id="reviewf" action="/cgi-bin/koha/opac-review.pl" method="post">
- <input type="hidden" name="biblionumber" value="<!-- TMPL_VAR NAME="biblionumber" -->" />
- <input type="hidden" name="type" value="<!-- TMPL_VAR NAME="type" -->" />
- <fieldset class="brief">
- <legend>Comments on <i><!--TMPL_VAR NAME="title" --> <!-- TMPL_VAR NAME="subtitle" --></i><!-- TMPL_IF NAME="author" -->by <!-- TMPL_VAR NAME="author" --><!-- /TMPL_IF --></legend>
- <ol><li><textarea id="review" name="review" cols="60" rows="8"><!--TMPL_VAR NAME="review"--></textarea></li></ol>
- </fieldset>
- <p>Note: Your comment must be approved by a librarian. </p>
- <fieldset class="action"> <input type="submit" value="Submit and close this window" /> <a class="cancel close" href="#">Cancel</a></fieldset>
-</form></div>
+<style type="text/css">
+ #custom-doc { width:37.08em;*width:36.16em;min-width:485px; margin:1em auto; text-align:left; }
+</style>
<script type="text/JavaScript" language="JavaScript">
//<![CDATA[
$(document).ready(function() {
- $('#reviewf').submit( function() {
+ var inject_old = function(comment) {
<!-- TMPL_IF NAME="reviewid" -->
+ <!-- TMPL_IF NAME="cgi_debug" -->alert("injecting OLD comment: " +comment);<!-- /TMPL_IF -->
parent.opener.$('#c<!-- TMPL_VAR NAME="reviewid" --> p').prev("small").prev("h5").html("Your Edited Comment (preview, pending approval)");
- parent.opener.$('#c<!-- TMPL_VAR NAME="reviewid" --> p').html($("#review").val().replace(/&/g,'&').replace(/</g,'<').replace(/>/g,'>'));
+ parent.opener.$('#c<!-- TMPL_VAR NAME="reviewid" --> p').html(comment);
parent.opener.$('#c<!-- TMPL_VAR NAME="reviewid" --> p').append(" <a href=\"#comment\" onclick=\"Dopop(\'/cgi-bin/koha/opac-review.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber"-->&reviewid=<!-- TMPL_VAR NAME="reviewid" -->\');\">Edit</a>");
- window.close();
- <!-- TMPL_ELSE -->
+ <!-- /TMPL_IF -->
+ return 1;
+ };
+ var inject_new = function(comment) {
+ <!-- TMPL_IF NAME="cgi_debug" -->alert("injecting NEW comment: " +comment);<!-- /TMPL_IF -->
parent.opener.$('#newcomment').attr("class","yours");
- parent.opener.$('#newcomment').html("<h5>Your Comment (preview, pending approval)</h5>");
- parent.opener.$('#newcomment').append("<p>"+$("#review").val().replace(/&/g,'&').replace(/</g,'<').replace(/>/g,'>'));
- parent.opener.$('#newcomment p').append(" <a href=\"#comment\" onclick=\"Dopop(\'/cgi-bin/koha/opac-review.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber"-->&reviewid=<!-- TMPL_VAR NAME="reviewid" -->\');\">Edit</a></p>");
+ parent.opener.$('#newcomment').html(
+ "<h5>Your Comment (preview, pending approval)</h5>" +
+ "<p>"+comment+"</p>" +
+ "<a href=\"#comment\" onclick=\"Dopop(\'/cgi-bin/koha/opac-review.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber"-->\');\">Edit</a></p>"
+ );
parent.opener.$("#addcomment").prev("p").remove();
parent.opener.$("#addcomment").remove();
- window.close();
+ };
+ <!-- TMPL_IF NAME="clean_review" -->
+ var clean_review = "<!-- TMPL_VAR NAME="clean_review" ESCAPE=JS -->"; // TMPL var must not contain " quotes.
+ <!-- TMPL_IF NAME="reviewid" -->
+ inject_old(clean_review);
+ <!-- TMPL_ELSE -->
+ inject_new(clean_review);
+ <!-- /TMPL_IF -->
+ <!-- /TMPL_IF -->
+ <!-- TMPL_IF NAME="WINDOW_CLOSE" -->
+ <!-- TMPL_IF NAME="ERRORS" -->
+ setTimeout("window.close()",5000); // flash this page, then close. Change warning in template if you change this value.
+ <!-- TMPL_ELSE -->
+ window.close();
<!-- /TMPL_IF -->
- });
+ <!-- /TMPL_IF -->
+ // $('#reviewf').submit(function() {});
});
//]]>
</script>
+</head>
+<body id="comment">
+<div id="custom-doc" class="yui-t7">
+<div class="container">
+<!-- TMPL_IF NAME="ERRORS" -->
+ <div class="error">
+ <!-- TMPL_LOOP NAME="ERRORS" -->
+ <p>
+ <!-- TMPL_IF NAME="scrubbed" -->Note: your comment contained illegal markup code.
+ It has been saved with the markup removed, as below.
+ You can edit the comment further, or cancel to retain the comment as is.
+ <!-- /TMPL_IF -->
+ <!-- TMPL_IF NAME="scrubbed_all" -->Error! Your comment was entirely illegal markup code. It has NOT been added.<!-- /TMPL_IF -->
+ <!-- TMPL_IF NAME="empty" -->Error! You cannot add an empty comment. Please add content or cancel.<!-- /TMPL_IF -->
+ </p>
+ <!-- /TMPL_LOOP -->
+ <!-- TMPL_IF NAME="WINDOW_CLOSE" -->Note: this window will close automatically in 5 seconds<!-- /TMPL_IF -->
+ </div>
+<!-- /TMPL_IF -->
+<form id="reviewf" action="/cgi-bin/koha/opac-review.pl" method="post">
+ <input type="hidden" name="biblionumber" value="<!-- TMPL_VAR NAME="biblionumber" -->" />
+ <fieldset class="brief">
+ <legend>Comments on <i><!--TMPL_VAR NAME="title" --> <!-- TMPL_VAR NAME="subtitle" --></i><!-- TMPL_IF NAME="author" -->by <!-- TMPL_VAR NAME="author" --><!-- /TMPL_IF --></legend>
+ <ol><li><textarea id="review" name="review" cols="60" rows="8"><!--TMPL_VAR NAME="review"--></textarea></li></ol>
+ </fieldset>
+ <p>Note: Your comment must be approved by a librarian. </p>
+ <fieldset class="action"> <input type="submit" value="Submit and close this window" /> <a class="cancel close" href="#">Cancel</a></fieldset>
+</form></div>
</div>
-
</body>
</html>
-
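Review bot: The rebuilt form's textarea reinserts `review` without `ESCAPE=HTML`, and the value it receives is either the scrubbed text or the comment already stored for this borrower, which may predate the scrubber; a stored `</textarea>...` would break out of the field, and entity-encoded text such as `&lt;script&gt;` is decoded by the browser and re-submitted as real markup. Use `<textarea id="review" name="review" cols="60" rows="8"><!-- TMPL_VAR NAME="review" ESCAPE=HTML --></textarea>` so the literal text round-trips, and give the hidden `biblionumber` input the same treatment, since that value is also echoed into the `onclick` JavaScript strings of the two Edit links with no escaping at all. Note that `ESCAPE=JS` on the `clean_review` line only keeps the value inside the string literal: `inject_old` and `inject_new` then hand it to jQuery `.html()` in the opener, so the C4::Scrubber 'comment' allow-list is the only barrier between a submitted comment and markup execution, which deserves a comment there such as `// rendered as HTML in the opener: safety rests entirely on C4::Scrubber's allow-list`. The form also carries no anti-CSRF token, so any third-party page can post a comment on behalf of a logged-in patron, if that matters for this deployment.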
# Suite 330, Boston, MA 02111-1307 USA
use strict;
-require Exporter;
+use warnings;
use CGI;
use C4::Auth;
use C4::Koha;
use C4::Output;
-use C4::Circulation;
use C4::Review;
use C4::Biblio;
+use C4::Scrubber;
+use C4::Debug;
my $query = new CGI;
my $biblionumber = $query->param('biblionumber');
-my $type = $query->param('type');
my $review = $query->param('review');
-my $reviewid = $query->param('reviewid');
my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
{
template_name => "opac-review.tmpl",
}
);
-my $biblio = GetBiblioData( $biblionumber);
+# FIXME: need to allow user to delete their own comment(s)
-my $savedreview = getreview( $biblionumber, $borrowernumber );
-if ( $type eq 'save' ) {
- savereview( $biblionumber, $borrowernumber, $review );
+my $biblio = GetBiblioData($biblionumber);
+my $savedreview = getreview($biblionumber,$borrowernumber);
+my ($clean, @errors);
+if (defined $review) {
+ if ($review !~ /\S/) {
+ push @errors, {empty=>1};
+ } else {
+ $clean = C4::Scrubber->new('comment')->scrub($review);
+ if ($clean !~ /\S/) {
+ push @errors, {scrubbed_all=>1};
+ } else {
+ if ($clean ne $review) {
+ push @errors, {scrubbed=>$clean};
+ my $js_ok_review = $clean;
+ $js_ok_review =~ s/"/"/g; # probably redundant w/ TMPL ESCAPE=JS
+ $template->param(clean_review=>$js_ok_review);
+ }
+ if ($savedreview) {
+ updatereview($biblionumber, $borrowernumber, $clean);
+ } else {
+ savereview($biblionumber, $borrowernumber, $clean);
+ }
+ unless (@errors){ $template->param(WINDOW_CLOSE=>1); }
+ }
+ }
}
-elsif ( $type eq 'update' ) {
- updatereview( $biblionumber, $borrowernumber, $review );
-}
-$type = ($savedreview) ? "update" : "save";
+(@errors ) and $template->param( ERRORS=>\@errors);
+($cgi_debug) and $template->param(cgi_debug=>1 );
$template->param(
'biblionumber' => $biblionumber,
'borrowernumber' => $borrowernumber,
- 'type' => $type,
- 'review' => $savedreview->{'review'},
- 'reviewid' => $reviewid,
+ 'review' => $clean || $savedreview->{'review'},
+ 'reviewid' => $query->param('reviewid') || 0,
'title' => $biblio->{'title'},
);
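Review bot: `$biblionumber` is taken straight from the query and passed to GetBiblioData, savereview/updatereview and back into the template, where it is emitted unescaped into a hidden-input value and into the `onclick` JavaScript strings of the Edit links; the `reviewid` parameter returned at the end of the hunk follows the same path. A numeric check right after the `param` call keeps non-integers out of both the SQL layer (whether C4::Review binds placeholders is not visible here) and the markup: `die "invalid biblionumber" unless defined $biblionumber and $biblionumber =~ /^\d+$/;` with the same guard on `reviewid`, or failing that `ESCAPE=HTML`/`ESCAPE=URL` on the template side. The quote substitution in the scrubbed branch, `$js_ok_review =~ s/"/"/g;`, reads as an identity substitution as displayed (possibly a `&quot;` entity lost in rendering); if it really is a no-op, `ESCAPE=JS` is the only thing escaping quotes and the line should either do what its comment describes or be removed so it does not suggest a protection that is not there. Whether the script continues past the closing `);` (the output call is not in view) cannot be told from this chunk.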