1 #!/usr/bin/perl
3 #script to add basket and edit header options (name, notes and contractnumber)
4 #written by john.soros@biblibre.com 15/09/2008
6 # Copyright 2008 - 2009 BibLibre SARL
8 # This file is part of Koha.
10 # Koha is free software; you can redistribute it and/or modify it under the
11 # terms of the GNU General Public License as published by the Free Software
12 # Foundation; either version 2 of the License, or (at your option) any later
13 # version.
15 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
16 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
17 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
19 # You should have received a copy of the GNU General Public License along
20 # with Koha; if not, write to the Free Software Foundation, Inc.,
21 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 =head1 NAME
25 basketheader.pl
27 =head1 DESCRIPTION
29 This script is used to edit a basket's "header" or to add a new basket. The header contains the supplier ID,
30 notes to the supplier, local notes, and the contractnumber, which links the basket to a specific contract.
32 =head1 CGI PARAMETERS
34 =over 4
36 =item booksellerid
38 C<$booksellerid> is the id of the supplier we add the basket to.
40 =item basketid
42 If it exists, C<$basketno> is the basket we edit
44 =back
46 =cut
48 use strict;
49 use warnings;
50 use CGI;
51 use C4::Context;
52 use C4::Auth;
53 use C4::Output;
54 use C4::Acquisition qw/GetBasket NewBasket GetContracts ModBasketHeader/;
55 use C4::Bookseller qw/GetBookSellerFromId/;
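# Build the request object and hand it to C4::Auth, which returns the template,
# the logged-in user and the session cookie. The call asks for an authenticated
# intranet session (authnotrequired => 0) with the acquisition/order_manage
# permission, so every operation further down runs with that permission.
my $input = CGI->new;    # direct method call; the indirect "new CGI" form is parsed ambiguously
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
    {
        template_name   => "acqui/basketheader.tmpl",
        query           => $input,
        type            => "intranet",
        authnotrequired => 0,
        flagsrequired   => { acquisition => 'order_manage' },
        debug           => 1,
    }
);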
# Request parameters. Each value is read in scalar context straight from the
# query string or form body, so it is untrusted input from here on.
# Note: the basket identifier arrives as 'basketno'.
my $booksellerid = $input->param('booksellerid');    # supplier the basket belongs to
my $basketno     = $input->param('basketno');        # set when an existing basket is edited
my $basket;                                          # filled by GetBasket() in the edit path
my $op           = $input->param('op');              # 'add_form' or 'add_validate'
my $is_an_edit   = $input->param('is_an_edit');      # true when add_validate updates a basket
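# Dispatch on the requested operation:
#   add_form     - show the header form for a new or an existing basket
#   add_validate - save the submitted header, then redirect to basket.pl
# Any other value (or none) falls through and just renders the template.
my $requested_op = defined $op ? $op : '';    # 'op' may be absent; avoid comparing undef

if ( $requested_op eq 'add_form' ) {
    my @contractloop;
    if ($basketno) {

        # Editing: load the basket, default the supplier from it and
        # preselect the contract the basket is attached to.
        $basket = GetBasket($basketno);
        $booksellerid = $basket->{'booksellerid'} unless $booksellerid;
        @contractloop = GetContracts( $booksellerid, 1 );
        for my $contract (@contractloop) {
            if ( $basket->{'contractnumber'} eq $contract->{'contractnumber'} ) {
                $contract->{'selected'} = 1;
            }
        }
        $template->param( is_an_edit => 1 );
    }
    else {

        # New basket: no basket record is loaded, so the header fields
        # passed to the template below are all undefined.
        @contractloop = GetContracts( $booksellerid, 1 );
    }

    my $bookseller = GetBookSellerFromId($booksellerid);
    if (@contractloop) {
        $template->param(
            contractloop         => \@contractloop,
            basketcontractnumber => $basket->{'contractnumber'},
        );
    }
    $template->param(
        add_form             => 1,
        basketname           => $basket->{'basketname'},
        basketnote           => $basket->{'note'},
        basketbooksellernote => $basket->{'booksellernote'},
        booksellername       => $bookseller->{'name'},
        booksellerid         => $booksellerid,
        basketno             => $basketno,
    );
}
elsif ( $requested_op eq 'add_validate' ) {

    # Read every form field in scalar context first. CGI's param() returns
    # a list when called in list context, so passing the calls directly as
    # arguments lets a request with a repeated or missing field shift the
    # positions of the arguments that follow it.
    my $basketname           = $input->param('basketname');
    my $basketnote           = $input->param('basketnote');
    my $basketbooksellernote = $input->param('basketbooksellernote');
    my $basketcontractnumber = $input->param('basketcontractnumber');

    # NOTE(review): this state-changing branch checks no anti-CSRF token and
    # no per-basket ownership here; confirm both are enforced elsewhere.
    my $basketno;
    if ($is_an_edit) {
        $basketno = $input->param('basketno');
        ModBasketHeader(
            $basketno,             $basketname, $basketnote,
            $basketbooksellernote, $basketcontractnumber
        );
    }
    else {
        $basketno = NewBasket(
            $booksellerid,         $loggedinuser, $basketname, $basketnote,
            $basketbooksellernote, $basketcontractnumber
        );
    }

    # In the edit path basketno is request data, so URL-encode it before it
    # goes into the Location header; a numeric id is left unchanged.
    print $input->redirect( 'basket.pl?basketno=' . CGI::escape($basketno) );
    exit 0;
}

output_html_with_http_headers( $input, $cookie, $template->output );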