Bug 17365: Fix XSS in moremember.pl and memberentry.pl
1 #!/usr/bin/perl
3 # Copyright 2011,2014 Mark Gavillet & PTFS Europe Ltd
5 # This file is part of Koha.
7 # Koha is free software; you can redistribute it and/or modify it under the
8 # terms of the GNU General Public License as published by the Free Software
9 # Foundation; either version 3 of the License, or (at your option) any later
10 # version.
12 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
13 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
14 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
16 # You should have received a copy of the GNU General Public License along
17 # with Koha; if not, write to the Free Software Foundation, Inc.,
18 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 use strict;
21 use warnings;
22 use CGI;
23 use C4::Auth;
24 use C4::Output;
25 use Koha::Database;
26 use Koha::Plugins;
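# Staff-side admin page for vendor EDI accounts. Depending on "op" it shows
# the account list (default), the add/edit form, a delete confirmation, or
# performs the save/delete and then falls back to the list.
our $input  = CGI->new();
our $schema = Koha::Database->new()->schema();

# Access control: authnotrequired => 0 plus the acquisition/edi_manage flag
# means get_template_and_user only returns for a logged-in user holding
# that permission.
our ( $template, $loggedinuser, $cookie ) = get_template_and_user(
    {
        template_name   => 'admin/edi_accounts.tt',
        query           => $input,
        type            => 'intranet',
        authnotrequired => 0,
        flagsrequired   => { acquisition => 'edi_manage' },
    }
);

# Requested operation; anything unrecognised falls through to the default
# listing in the else branch below.
my $op = $input->param('op');
$op ||= 'display';

if ( $op eq 'acct_form' ) {
    show_account();
    $template->param( acct_form => 1 );

    # Vendor picker for the form, sorted by name.
    my @vendors = $schema->resultset('Aqbookseller')->search(
        undef,
        {
            columns  => [ 'name', 'id' ],
            order_by => { -asc => 'name' },
        }
    );
    $template->param( vendors => \@vendors );

    # NOTE(review): C4::Context is not loaded by a "use" line in this script;
    # presumably one of the modules above makes it available — confirm.
    my $plugins_enabled = C4::Context->preference('UseKohaPlugins')
      && C4::Context->config("enable_plugins");
    $template->param( plugins_enabled => $plugins_enabled );

    if ($plugins_enabled) {
        my @plugins = Koha::Plugins->new()->GetPlugins('edifact');
        $template->param( plugins => \@plugins );
    }
}
elsif ( $op eq 'delete_confirm' ) {
    show_account();
    $template->param( delete_confirm => 1 );
}
else {
    # NOTE(review): no anti-CSRF token is checked in this script before the
    # state-changing save/delete below; confirm the surrounding framework
    # enforces one for these requests.
    if ( $op eq 'save' ) {

        # validate & display
        my $id = $input->param('id');

        # Every text field is read with an explicit "scalar": CGI->param
        # returns a list in list context, so a repeated query parameter
        # evaluated inside this hash constructor would otherwise spill extra
        # elements and shift the keys that follow it onto the wrong values.
        # The "defined" checks already evaluate their operand in scalar
        # context, so the checkbox fields are left as they were.
        # The password is passed through unchanged to the resultset; how it
        # is protected at rest is decided by the schema, not here.
        my $fields = {
            description        => scalar $input->param('description'),
            host               => scalar $input->param('host'),
            username           => scalar $input->param('username'),
            password           => scalar $input->param('password'),
            vendor_id          => scalar $input->param('vendor_id'),
            upload_directory   => scalar $input->param('upload_directory'),
            download_directory => scalar $input->param('download_directory'),
            san                => scalar $input->param('san'),
            transport          => scalar $input->param('transport'),
            quotes_enabled     => defined $input->param('quotes_enabled'),
            invoices_enabled   => defined $input->param('invoices_enabled'),
            orders_enabled     => defined $input->param('orders_enabled'),
            responses_enabled  => defined $input->param('responses_enabled'),
            auto_orders        => defined $input->param('auto_orders'),
            id_code_qualifier  => scalar $input->param('id_code_qualifier'),
            plugin             => scalar $input->param('plugin'),
        };

        if ($id) {
            $schema->resultset('VendorEdiAccount')->search( { id => $id, } )
              ->update_all($fields);
        }
        else {    # new record
            $schema->resultset('VendorEdiAccount')->create($fields);
        }
    }
    elsif ( $op eq 'delete_confirmed' ) {

        # Same list-context concern as above: force the id to a single value
        # so the search condition cannot be widened by a repeated parameter.
        $schema->resultset('VendorEdiAccount')
          ->search( { id => scalar $input->param('id'), } )->delete_all;
    }

    # we do a default display after deletes and saves
    # as well as when thats all you want
    $template->param( display => 1 );
    my @ediaccounts = $schema->resultset('VendorEdiAccount')->search(
        {},
        { join => 'vendor', }
    );
    $template->param( ediaccounts => \@ediaccounts );
}

# Identification-code qualifiers offered to the template; presumably these
# populate the id_code_qualifier selector on the form.
$template->param(
    code_qualifiers => [
        {
            code        => '14',
            description => 'EAN International',
        },
        {
            code        => '31B',
            description => 'US SAN Agency',
        },
        {
            code        => '91',
            description => 'Assigned by supplier',
        },
        {
            code        => '92',
            description => 'Assigned by buyer',
        },
    ],
);

output_html_with_http_headers( $input, $cookie, $template->output );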
# Look up one VendorEdiAccount row by its primary key.
#
# Returns the row object when one exists. Otherwise returns an empty list
# (undef in scalar context) so a caller can treat "no account" as "add".
# No caller of this sub is visible in the script as shown here.
sub get_account {
    my ($id) = @_;

    my $found = $schema->resultset('VendorEdiAccount')->find($id);
    return $found if $found;

    # passing undef will default to add
    return;
}
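# Load the EDI account named by the request's "id" parameter, if any, into
# the template as "account" so the edit form and the delete confirmation can
# display it. Nothing is set when no id was given or no row matches, which
# leaves the form in add mode.
#
# Delegates the lookup to get_account() rather than repeating the resultset
# call, so the two lookups cannot drift apart.
sub show_account {
    my $acct_id = $input->param('id');
    return unless $acct_id;

    my $acct = get_account($acct_id);
    $template->param( account => $acct ) if $acct;

    return;
}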