Bug 15111 - Koha is vulnerable to Cross-Frame Scripting (XFS) attacks
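#!/usr/bin/perl

# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.

# basket/basket.pl - render the intranet "cart".
#
# The biblionumbers to show arrive in the bib_list CGI parameter,
# separated by "/". For each one the bibliographic data, the MARC-derived
# notes/authors/subjects/series/URLs and the item list are collected and
# handed to basket/basket.tt as BIBLIO_RESULTS. The optional "print" and
# "verbose" parameters only toggle template flags.

use strict;
use warnings;
use CGI qw ( -utf8 );
use C4::Koha;
use C4::Biblio;
use C4::Items;
use C4::Auth;
use C4::Output;
use C4::Csv;

my $query = CGI->new;

# Authentication and template setup; the "borrow" flag is required.
# All HTTP headers for this page (and so any anti-framing header added
# for Bug 15111) are emitted by output_html_with_http_headers from
# C4::Output at the end of this script, not here.
my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
    {
        template_name => "basket/basket.tt",
        query         => $query,
        type          => "intranet",
        flagsrequired => { borrow => 1 },
    }
);

# All three values are untrusted client input.
my $bib_list     = $query->param('bib_list');
my $print_basket = $query->param('print');
my $verbose      = $query->param('verbose');

$template->param( verbose      => 1 ) if $verbose;
$template->param( print_basket => 1 ) if $print_basket;

# Only well-formed integer biblionumbers are looked up. Empty fields
# (from "//" or a trailing "/") and anything non-numeric are dropped here
# instead of being passed on to the lookup functions. A missing bib_list
# yields an empty basket rather than a split-on-undef warning.
my @bibs = grep { /\A\d+\z/ } split /\//, ( defined $bib_list ? $bib_list : '' );

my @results;
my $num         = 1;
my $marcflavour = C4::Context->preference('marcflavour');

if ( C4::Context->preference('TagsEnabled') ) {
    $template->param( TagsEnabled => 1 );
    for my $pref (qw(TagsShowOnList TagsInputOnList)) {
        $template->param( $pref => 1 ) if C4::Context->preference($pref);
    }
}

# The detail page each basket entry links to depends only on a system
# preference, so it is resolved once rather than once per record.
my $default_view = C4::Context->preference("IntranetBiblioDefaultView");
$default_view = '' unless defined $default_view;
my $dest = $default_view eq "normal" ? "/cgi-bin/koha/catalogue/detail.pl"
         : $default_view eq "marc"   ? "/cgi-bin/koha/catalogue/MARCdetail.pl"
         :                             "/cgi-bin/koha/catalogue/ISBDdetail.pl";

# COinS format, keyed on leader positions 6-7.
# FIXME: only books ("am") are mapped; every other format gets undef.
my %ocoins_format_for = ( am => 'book' );

for my $biblionumber (@bibs) {
    # NOTE(review): this template-level value ends up being the last
    # biblionumber requested; each entry also carries its own below.
    $template->param( biblionumber => $biblionumber );

    my $dat = GetBiblioData($biblionumber);
    next unless $dat;    # unknown biblionumber: skipped silently

    my $record = GetMarcBiblio($biblionumber);
    # A biblio without a MARC record cannot be rendered (leader, notes,
    # authors... all come from it); skip it instead of dying on ->leader.
    next unless $record;

    my $marcnotesarray   = GetMarcNotes( $record, $marcflavour );
    my $marcauthorsarray = GetMarcAuthors( $record, $marcflavour );
    my $marcsubjctsarray = GetMarcSubjects( $record, $marcflavour );
    my $marcseriesarray  = GetMarcSeries( $record, $marcflavour );
    my $marcurlsarray    = GetMarcUrls( $record, $marcflavour );
    my @items            = GetItemsInfo($biblionumber);

    # Authors may come from the biblio row or from the MARC record; guard
    # the deref so an undef return from GetMarcAuthors does not die.
    my $hasauthors =
        ( $dat->{'author'} || ( $marcauthorsarray && @$marcauthorsarray ) ) ? 1 : 0;

    # Map each item's location code to its authorised-value description.
    my $shelflocations =
        GetKohaAuthorisedValues( 'items.location', $dat->{'frameworkcode'} );
    for my $itm (@items) {
        next unless $itm->{'location'};
        $itm->{'location_description'} = $shelflocations->{ $itm->{'location'} };
    }

    my $fmt = substr $record->leader(), 6, 2;
    $dat->{ocoins_format} = $ocoins_format_for{$fmt};

    # Alternating-row flag. The key is named "even" but is set on the
    # 1st, 3rd, ... displayed entries; kept as-is because the template
    # expects it this way.
    $dat->{'even'} = 1 if $num % 2 == 1;
    $num++;

    $dat->{biblionumber} = $biblionumber;
    $dat->{ITEM_RESULTS} = \@items;
    $dat->{MARCNOTES}    = $marcnotesarray;
    $dat->{MARCSUBJCTS}  = $marcsubjctsarray;
    $dat->{MARCAUTHORS}  = $marcauthorsarray;
    $dat->{MARCSERIES}   = $marcseriesarray;
    $dat->{MARCURLS}     = $marcurlsarray;
    $dat->{HASAUTHORS}   = $hasauthors;
    $dat->{dest}         = $dest;

    push @results, $dat;
}

# bib_list is echoed back to the template verbatim (the client-supplied
# string, not the filtered list); its escaping is the template's job.
$template->param(
    BIBLIO_RESULTS => \@results,
    csv_profiles   => GetCsvProfilesLoop('marc'),
    bib_list       => $bib_list,
);

output_html_with_http_headers $query, $cookie, $template->output;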