Bug 15339: Improve parameter validation
1 #!/usr/bin/perl
3 # Copyright 2011 BibLibre SARL
4 # This file is part of Koha.
6 # Koha is free software; you can redistribute it and/or modify it
7 # under the terms of the GNU General Public License as published by
8 # the Free Software Foundation; either version 3 of the License, or
9 # (at your option) any later version.
11 # Koha is distributed in the hope that it will be useful, but
12 # WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
16 # You should have received a copy of the GNU General Public License
17 # along with Koha; if not, see <http://www.gnu.org/licenses>.
=head1 NAME

invoices.pl

=head1 DESCRIPTION

Search for invoices

=cut
29 use strict;
30 use warnings;
32 use CGI qw ( -utf8 );
33 use C4::Auth;
34 use C4::Output;
36 use C4::Acquisition qw/GetInvoices/;
37 use C4::Budgets;
38 use Koha::DateUtils;
39 use Koha::Acquisition::Booksellers;
# Set up the request object, then authenticate the caller and load the
# invoice search template in one step.
my $input = CGI->new;

# authnotrequired => 0 together with flagsrequired restricts this page to a
# logged-in staff account holding an 'acquisition' permission.
# NOTE(review): '*' presumably means "any sub-permission"; confirm in C4::Auth.
# NOTE(review): debug => 1 is passed unconditionally; confirm what it enables
# before relying on this script's output in production.
my $auth_options = {
    template_name   => 'acqui/invoices.tt',
    query           => $input,
    type            => 'intranet',
    authnotrequired => 0,
    flagsrequired   => { 'acquisition' => '*' },
    debug           => 1,
};
my ( $template, $loggedinuser, $cookie, $flags ) = get_template_and_user($auth_options);
# Read the search form. Every value below is untrusted request input.
# Assigning param() to a scalar keeps each call in scalar context, so a
# repeated query parameter yields one value rather than a list that could
# shift the named arguments built from these variables further down.

# Invoice-level filters.
my $invoicenumber = $input->param('invoicenumber');
my $supplierid    = $input->param('supplierid');

# Date ranges; still plain strings at this point.
my $shipmentdatefrom = $input->param('shipmentdatefrom');
my $shipmentdateto   = $input->param('shipmentdateto');
my $billingdatefrom  = $input->param('billingdatefrom');
my $billingdateto    = $input->param('billingdateto');

# Bibliographic filters.
my $isbneanissn     = $input->param('isbneanissn');
my $title           = $input->param('title');
my $author          = $input->param('author');
my $publisher       = $input->param('publisher');
my $publicationyear = $input->param('publicationyear');

# Remaining filters and the requested operation.
my $branch     = $input->param('branch');
my $message_id = $input->param('message_id');
my $op         = $input->param('op');
# Parse each date that was supplied. The eval traps any exception raised
# while dt_from_string handles the user-typed string, so an unparsable date
# ends up as undef in its variable instead of aborting the request.
# Empty or otherwise false values are left untouched.
for my $date_ref ( \$shipmentdatefrom, \$shipmentdateto, \$billingdatefrom, \$billingdateto ) {
    next unless ${$date_ref};
    ${$date_ref} = eval { dt_from_string( ${$date_ref} ) };
}
# Run the search only when the form was submitted with op=do_search;
# otherwise the page is rendered with an empty result list.
my $invoices = [];
if ( $op and $op eq 'do_search' ) {

    # Dates are handed to GetInvoices in ISO format; a date that was missing
    # or failed to parse earlier is passed as undef.
    my $as_iso = sub {
        my ($date) = @_;
        return $date ? output_pref( { str => $date, dateformat => 'iso' } ) : undef;
    };

    # The remaining criteria are forwarded exactly as received from the
    # request.
    # NOTE(review): how GetInvoices builds its query is not visible here;
    # confirm in C4::Acquisition that these values are bound as placeholders.
    @{$invoices} = GetInvoices(
        invoicenumber    => $invoicenumber,
        supplierid       => $supplierid,
        shipmentdatefrom => $as_iso->($shipmentdatefrom),
        shipmentdateto   => $as_iso->($shipmentdateto),
        billingdatefrom  => $as_iso->($billingdatefrom),
        billingdateto    => $as_iso->($billingdateto),
        isbneanissn      => $isbneanissn,
        title            => $title,
        author           => $author,
        publisher        => $publisher,
        publicationyear  => $publicationyear,
        branchcode       => $branch,
        message_id       => $message_id,
    );
}
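# Build suppliers list
# Every bookseller, ordered by name, becomes one entry of the supplier
# drop-down; the entry matching the requested supplierid is flagged as
# selected and its name is kept for display.
my @suppliers = Koha::Acquisition::Booksellers->search( undef, { order_by => { -asc => 'name' } } );
my $suppliers_loop = [];
my $suppliername;

# supplierid is raw request input. Comparing it with == coerces a value such
# as "1abc" to 1, which raises a "not numeric" warning and can flag the wrong
# supplier as selected. Only a value made up entirely of digits is compared.
my $supplierid_is_numeric = $supplierid && $supplierid =~ /\A[0-9]+\z/;

foreach my $supplier (@suppliers) {
    my $selected = 0;
    if ( $supplierid_is_numeric && $supplierid == $supplier->id ) {
        $selected     = 1;
        $suppliername = $supplier->name;
    }
    push @{$suppliers_loop},
      {
        suppliername => $supplier->name,
        booksellerid => $supplier->id,
        selected     => $selected,
      };
}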
# Offer only the budgets the logged-in user may use: each budget returned by
# GetBudgets is kept when CanUserUseBudget accepts it for this user and
# their permission flags.
my $budgets = GetBudgets();
my @budgets_loop;
for my $candidate ( @{$budgets} ) {
    next unless CanUserUseBudget( $loggedinuser, $candidate, $flags );
    push @budgets_loop, $candidate;
}

# Stored directly in the template's VARS hash rather than through param().
$template->{'VARS'}->{'budgets_loop'} = \@budgets_loop;
# Hand the results and the submitted criteria back to the template so the
# form is re-populated. The text fields are echoed exactly as received from
# the request, so escaping them on output is left to the template.
# NOTE(review): confirm acqui/invoices.tt applies an HTML filter to them.
# The four date values are by now either the parsed result of
# dt_from_string, undef after a failed parse, or the untouched false value.
my $search_requested = ( $op and $op eq 'do_search' ) ? 1 : 0;

$template->param(
    do_search        => $search_requested,
    invoices         => $invoices,
    invoicenumber    => $invoicenumber,
    booksellerid     => $supplierid,
    suppliername     => $suppliername,
    shipmentdatefrom => $shipmentdatefrom,
    shipmentdateto   => $shipmentdateto,
    billingdatefrom  => $billingdatefrom,
    billingdateto    => $billingdateto,
    isbneanissn      => $isbneanissn,
    title            => $title,
    author           => $author,
    publisher        => $publisher,
    publicationyear  => $publicationyear,
    branch           => $branch,
    suppliers_loop   => $suppliers_loop,
);

# Send the rendered page along with the session cookie.
output_html_with_http_headers( $input, $cookie, $template->output );