Bug 25898: Prohibit indirect object notation
[koha.git] / opac / opac-alert-subscribe.pl
1 #!/usr/bin/perl
3 # Copyright 2000-2002 Katipo Communications
5 # This file is part of Koha.
7 # Koha is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
12 # Koha is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with Koha; if not, see <http://www.gnu.org/licenses>.
21 use Modern::Perl;
22 use CGI qw ( -utf8 );
23 use C4::Auth;
24 use C4::Output;
25 use C4::Context;
26 use C4::Koha;
27 use C4::Letters;
28 use C4::Serials;
my $query = CGI->new;
my $dbh   = C4::Context->dbh;

# Request parameters. 'op' and 'referer' fall back to a default when they are
# absent or false; the two identifiers are taken as sent by the client.
my $op             = $query->param('op')      || '';
my $referer        = $query->param('referer') || 'detail';
my $subscriptionid = $query->param('subscriptionid');
my $biblionumber   = $query->param('biblionumber');

# authnotrequired => 0: the patron has to be logged in before asking for
# subscription notifications.
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
    {
        template_name   => "opac-alert-subscribe.tt",
        query           => $query,
        type            => "opac",
        authnotrequired => 0,
        debug           => 1,
    }
);

# Objects the requested operation acts on.
# NOTE(review): presumably find() yields nothing for an unknown id -- callers
# should not assume either object is defined; confirm.
my $subscription     = Koha::Subscriptions->find($subscriptionid);
my $logged_in_patron = Koha::Patrons->find($loggedinuser);
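# Dispatch on the requested operation ('op'): confirm an alert subscription,
# cancel one, or (any other value) render the confirmation page.
#
# NOTE(review): both confirmed operations change the patron's alert
# subscriptions, and nothing in this script checks an anti-CSRF token or the
# request method before doing so. Unless that is enforced elsewhere, a
# cross-site request issued from a logged-in patron's browser could subscribe
# or unsubscribe them -- confirm, and add a token check if it is missing.

# biblionumber is raw request data that ends up in the Location header below.
# Only a plain decimal number is let through, so the value cannot carry extra
# query parameters or other characters into the redirect target.
# (Assumes biblionumbers are plain integers -- TODO confirm.)
my $safe_biblionumber =
    ( defined $biblionumber && $biblionumber =~ m/\A[0-9]+\z/ )
    ? $biblionumber
    : '';

if ( $op eq 'alert_confirmed' || $op eq 'cancel_confirmed' ) {

    if ( $subscription && $logged_in_patron ) {
        if ( $op eq 'alert_confirmed' ) {
            $subscription->add_subscriber($logged_in_patron);
        }
        else {
            $subscription->remove_subscriber($logged_in_patron);

            # subscriptionid is client-supplied: keep only printable ASCII so
            # a crafted value cannot forge extra lines in the error log.
            ( my $logged_id = $subscriptionid // '' ) =~ s/[^\x20-\x7E]/?/g;
            warn "CANCEL confirmed : $loggedinuser, $logged_id";
        }
    }
    else {
        # An unknown subscription id (or patron) used to end in a method call
        # on an undefined value; log it and send the patron back instead.
        warn "opac-alert-subscribe: subscription or patron not found, nothing changed";
    }

    # Both operations return to the page the patron came from.
    my $return_page =
        $referer eq 'serial' ? 'opac-serial-issues.pl' : 'opac-detail.pl';
    print $query->redirect("$return_page?biblionumber=$safe_biblionumber");
    exit;
}
else {
    # Legacy lookup, read as a hashref of subscription fields; an empty
    # hashref stands in when the id matches nothing.
    my $subscription_info = GetSubscription($subscriptionid) // {};

    # NOTE(review): "typeissue$op" builds a template variable name from the
    # client-supplied 'op'; presumably only a fixed set of values is meant
    # to reach the template -- consider an allow-list.
    $template->param(
        referer        => $referer,
        "typeissue$op" => 1,
        bibliotitle    => $subscription_info->{bibliotitle},
        notes          => $subscription_info->{notes},
        subscriptionid => $subscriptionid,
        biblionumber   => $safe_biblionumber,
    );
}

output_html_with_http_headers $query, $cookie, $template->output, undef, { force_no_caching => 1 };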