1 #!/usr/bin/perl
3 #script to administer the aqbudget table
4 #written 20/02/2002 by paul.poulain@free.fr
5 # This software is placed under the gnu General Public License, v2 (http://www.gnu.org/licenses/gpl.html)
# ALGO :
# this script uses an $op to know what to do.
# if $op is empty or none of the values listed below,
# - the default screen is built (with all records, or filtered data).
# - the user can click on add, modify or delete record.
# if $op=add_form
# - if primkey exists, this is a modification, so we read the $primkey record
# - builds the add/modify form
# if $op=add_validate
# - the user has just sent data, so we create/modify the record
# if $op=delete_form
# - we show the record having primkey=$primkey and ask for deletion validation form
# if $op=delete_confirm
# - we delete the record having primkey=$primkey
23 # Copyright 2000-2002 Katipo Communications
25 # This file is part of Koha.
27 # Koha is free software; you can redistribute it and/or modify it
28 # under the terms of the GNU General Public License as published by
29 # the Free Software Foundation; either version 3 of the License, or
30 # (at your option) any later version.
32 # Koha is distributed in the hope that it will be useful, but
33 # WITHOUT ANY WARRANTY; without even the implied warranty of
34 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
35 # GNU General Public License for more details.
37 # You should have received a copy of the GNU General Public License
38 # along with Koha; if not, see <http://www.gnu.org/licenses>.
40 use strict;
41 #use warnings; FIXME - Bug 2505
42 use CGI qw ( -utf8 );
43 use C4::Context;
44 use C4::Output;
45 use C4::Auth;
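# StringSearch($searchstring, $type)
#
# Look up printers whose name begins with the first whitespace-separated
# word of $searchstring (an empty or undefined string lists every printer).
# $type is accepted only because the existing call site passes it; it is
# not used.  Returns a two-element list: the number of rows found and an
# arrayref of hashrefs with the keys printername, printqueue and printtype.
sub StringSearch {
    my ($searchstring, $type) = @_;    # $type unused; kept for call compatibility
    $searchstring = '' unless defined $searchstring;

    # Only the first word takes part in the search.  Default it to '' so an
    # empty search does not interpolate undef into the bind value.
    my ($prefix) = split ' ', $searchstring;
    $prefix = '' unless defined $prefix;

    # The value is bound through a placeholder, so the old manual
    # back-slashing of single quotes is not needed and has been dropped.
    # NOTE(review): '%' and '_' inside $prefix still act as LIKE wildcards;
    # they are passed through unescaped, and the empty prefix deliberately
    # matches every printer.
    my $sth = C4::Context->dbh->prepare("
        SELECT printername,printqueue,printtype from printers
        WHERE (printername like ?) order by printername
    ");
    $sth->execute("$prefix%");
    my $rows = $sth->fetchall_arrayref({});
    return (scalar(@$rows), $rows);
}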
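my $input = CGI->new;

# Search term typed by the user (also the primary key for modify/delete).
my $searchfield = $input->param('searchfield');
$searchfield = '' unless defined $searchfield;
#my $branchcode=$input->param('branchcode');

# Paging offset from the query string.  Accept only a non-negative integer
# so it is safe to use in the arithmetic and as a slice index further down
# (a negative or non-numeric value would otherwise reach the slice as-is).
my $offset = $input->param('offset');
$offset = 0 unless defined $offset && $offset =~ /\A\d+\z/;

my $script_name = "/cgi-bin/koha/admin/printers.pl";
my $pagesize    = 20;

# Which screen to build; default to '' so the string comparisons below
# never see undef.
my $op = $input->param('op');
$op = '' unless defined $op;

$searchfield =~ s/\,//g;    # commas are stripped from the search term

my ($template, $loggedinuser, $cookie) = get_template_and_user(
    {
        template_name   => "admin/printers.tt",
        query           => $input,
        type            => "intranet",
        authnotrequired => 0,
        flagsrequired   => { parameters => 'parameters_remaining_permissions' },
        debug           => 1,
    }
);

$template->param(
    searchfield => $searchfield,
    script_name => $script_name,
);

#start the page and read in includes
my $dbh = C4::Context->dbh;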
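################## ADD_FORM ##################################
# called by default. Used to create form to add or modify a record
if ($op eq 'add_form') {
    $template->param(add_form => 1);
    #---- if primkey exists, it's a modify action, so read values to modify...
    my $data;
    if ($searchfield) {
        my $sth = $dbh->prepare("SELECT printername,printqueue,printtype from printers where printername=?");
        $sth->execute($searchfield);
        $data = $sth->fetchrow_hashref;
    }
    # For a plain "add" $data stays undef and the form fields come out empty.
    $template->param(
        printqueue => $data->{'printqueue'},
        printtype  => $data->{'printtype'},
    );
    # END $OP eq ADD_FORM
################## ADD_VALIDATE ##################################
# called by add_form, used to insert/modify data in DB
} elsif ($op eq 'add_validate') {
    $template->param(add_validate => 1);
    # Read each CGI parameter into a scalar first.  Calling param()
    # directly inside execute()'s argument list evaluates it in list
    # context, where a missing parameter contributes nothing and a
    # repeated one contributes several values, shifting the remaining
    # values onto the wrong placeholders.
    my $printername = $input->param('printername');
    my $printqueue  = $input->param('printqueue');
    my $printtype   = $input->param('printtype');
    if ($input->param('add')) {
        my $sth = $dbh->prepare("INSERT INTO printers (printername,printqueue,printtype) VALUES (?,?,?)");
        $sth->execute($printername, $printqueue, $printtype);
    } else {
        my $sth = $dbh->prepare("UPDATE printers SET printqueue=?,printtype=? WHERE printername=?");
        $sth->execute($printqueue, $printtype, $printername);
    }
    # END $OP eq ADD_VALIDATE
################## DELETE_CONFIRM ##################################
# called by default form, used to confirm deletion of data in DB
} elsif ($op eq 'delete_confirm') {
    $template->param(delete_confirm => 1);
    my $sth = $dbh->prepare("select printername,printqueue,printtype from printers where printername=?");
    $sth->execute($searchfield);
    my $data = $sth->fetchrow_hashref;
    # An unknown printername leaves $data undef; the confirmation page then
    # shows empty queue/type fields, as before.
    $template->param(
        printqueue => $data->{'printqueue'},
        printtype  => $data->{'printtype'},
    );
    # END $OP eq DELETE_CONFIRM
################## DELETE_CONFIRMED ##################################
# called by delete_confirm, used to effectively confirm deletion of data in DB
} elsif ($op eq 'delete_confirmed') {
    $template->param(delete_confirmed => 1);
    my $sth = $dbh->prepare("delete from printers where printername=?");
    $sth->execute($searchfield);
    # END $OP eq DELETE_CONFIRMED
################## DEFAULT ###########################################
} else { # DEFAULT
    $template->param(else => 1);
    my ($count, $results) = StringSearch($searchfield, 'web');

    # Show at most $pagesize rows starting at $offset.  $max is the index
    # one past the last row of this page, so the slice stops at $max - 1;
    # the former "$offset..$max" took one row too many (an undef row once
    # $max reached $count).
    my $max  = ($offset + $pagesize < $count) ? $offset + $pagesize : $count;
    my @loop = (@$results)[ $offset .. $max - 1 ];

    $template->param(loop => \@loop);

    if ($offset > 0) {
        $template->param(
            offsetgtzero => 1,
            prevpage     => $offset - $pagesize,
        );
    }
    if ($offset + $pagesize < $count) {
        $template->param(
            ltcount  => 1,
            nextpage => $offset + $pagesize,
        );
    }
} #---- END $OP eq DEFAULT

output_html_with_http_headers $input, $cookie, $template->output;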