search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "Bug 17902: Fix possible SQL injection in serials editing"
[koha.git] / serials / subscription-add.pl
blobf66b650f898863791759eeb628d5dafcb52f62ee
1 #!/usr/bin/perl
2
3 # This file is part of Koha.
4 #
5 # Koha is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
9 #
10 # Koha is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
14 #
15 # You should have received a copy of the GNU General Public License
16 # along with Koha; if not, see <http://www.gnu.org/licenses>.
17
18 use strict;
19 use warnings;
20
21 use CGI qw ( -utf8 );
22 use Date::Calc qw(Today Day_of_Year Week_of_Year Add_Delta_Days Add_Delta_YM);
23 use C4::Koha;
24 use C4::Biblio;
25 use C4::Auth;
26 use C4::Acquisition;
27 use C4::Output;
28 use C4::Context;
29 use C4::Serials;
30 use C4::Serials::Frequency;
31 use C4::Serials::Numberpattern;
32 use C4::Letters;
33 use Koha::AdditionalField;
34 use Koha::DateUtils;
35 use Carp;
36
37 #use Smart::Comments;
38
39 our $query = CGI->new;
40 my $op = $query->param('op') || '';
41 my $dbh = C4::Context->dbh;
42 my $sub_length;
43
44
45 # Permission needed if it is a modification : edit_subscription
46 # Permission needed otherwise (nothing or dup) : create_subscription
47 my $permission = ($op eq "modify") ? "edit_subscription" : "create_subscription";
48
49 my ($template, $loggedinuser, $cookie)
50 = get_template_and_user({template_name => "serials/subscription-add.tt",
51 query => $query,
52 type => "intranet",
53 authnotrequired => 0,
54 flagsrequired => {serials => $permission},
55 debug => 1,
56 });
57
58
59
60 my $sub_on;
61
62 my $subs;
63 our $firstissuedate;
64
65 if ($op eq 'modify' || $op eq 'dup' || $op eq 'modsubscription') {
66
67 my $subscriptionid = $query->param('subscriptionid');
68 $subs = GetSubscription($subscriptionid);
69
70 ## FIXME : Check rights to edit if mod. Could/Should display an error message.
71 if ($subs->{'cannotedit'} && $op eq 'modify'){
72 carp "Attempt to modify subscription $subscriptionid by ".C4::Context->userenv->{'id'}." not allowed";
73 print $query->redirect("/cgi-bin/koha/serials/subscription-detail.pl?subscriptionid=$subscriptionid");
74 }
75 $firstissuedate = $subs->{firstacquidate} || ''; # in iso format.
76 for (qw(startdate firstacquidate histstartdate enddate histenddate)) {
77 next unless defined $subs->{$_};
78 # TODO : Handle date formats properly.
79 if ($subs->{$_} eq '0000-00-00') {
80 $subs->{$_} = ''
81 } else {
82 $subs->{$_} = $subs->{$_};
83 }
84 }
85 if (!defined $subs->{letter}) {
86 $subs->{letter}= q{};
87 }
88 my $nextexpected = GetNextExpected($subscriptionid);
89 $nextexpected->{'isfirstissue'} = $nextexpected->{planneddate} eq $firstissuedate ;
90 $subs->{nextacquidate} = $nextexpected->{planneddate} if($op eq 'modify');
91 unless($op eq 'modsubscription') {
92 foreach my $length_unit (qw(numberlength weeklength monthlength)) {
93 if ($subs->{$length_unit}) {
94 $sub_length=$subs->{$length_unit};
95 $sub_on=$length_unit;
96 last;
97 }
98 }
99
100 $template->param( %{$subs} );
101 $template->param(
102 $op => 1,
103 "subtype_$sub_on" => 1,
104 sublength =>$sub_length,
105 history => ($op eq 'modify'),
106 firstacquiyear => substr($firstissuedate,0,4),
107 );
108
109 if($op eq 'modify') {
110 my ($serials_number) = GetSerials($subscriptionid);
111 if($serials_number > 1) {
112 $template->param(more_than_one_serial => 1);
113 }
114 }
115 }
116
117 if ( $op eq 'dup' ) {
118 my $dont_copy_fields = C4::Context->preference('SubscriptionDuplicateDroppedInput');
119 my @fields_id = map { fieldid => $_ }, split '\|', $dont_copy_fields;
120 $template->param( dont_export_field_loop => \@fields_id );
121 }
122
123 my $letters = get_letter_loop( $subs->{letter} );
124 $template->param( letterloop => $letters );
125
126 }
127
128 my $locations_loop = GetAuthorisedValues("LOC");
129
130 $template->param(
131 branchcode => $subs->{branchcode},
132 locations_loop=>$locations_loop,
133 );
134
135
136 my $additional_fields = Koha::AdditionalField->all( { tablename => 'subscription' } );
137 for my $field ( @$additional_fields ) {
138 if ( $field->{authorised_value_category} ) {
139 $field->{authorised_value_choices} = GetAuthorisedValues( $field->{authorised_value_category} );
140 }
141 }
142 $template->param( additional_fields_for_subscription => $additional_fields );
143
144 my $typeloop = GetItemTypes();
145
146 my @typearg =
147 map { { code => $_, value => $typeloop->{$_}{'description'}, selected => ( ( $subs->{itemtype} and $_ eq $subs->{itemtype} ) ? "selected=\"selected\"" : "" ), } } sort keys %{$typeloop};
148 my @previoustypearg =
149 map { { code => $_, value => $typeloop->{$_}{'description'}, selected => ( ( $subs->{previousitemtype} and $_ eq $subs->{previousitemtype} ) ? "selected=\"selected\"" : "" ), } } sort keys %{$typeloop};
150
151 $template->param(
152 typeloop => \@typearg,
153 previoustypeloop => \@previoustypearg,
154 locations_loop=>$locations_loop,
155 );
156
157 # prepare template variables common to all $op conditions:
158 $template->param('makePreviousSerialAvailable' => 1) if (C4::Context->preference('makePreviousSerialAvailable'));
159
160 if ($op!~/^mod/) {
161 my $letters = get_letter_loop();
162 $template->param( letterloop => $letters );
163 }
164
165 if ($op eq 'addsubscription') {
166 redirect_add_subscription();
167 } elsif ($op eq 'modsubscription') {
168 redirect_mod_subscription();
169 } else {
170
171 $template->param(
172 subtypes => [ qw( numberlength weeklength monthlength ) ],
173 subtype => $sub_on,
174 );
175
176 if ( $op ne 'modsubscription' && $op ne 'dup' && $op ne 'modify' ) {
177 my $letters = get_letter_loop();
178 $template->param( letterloop => $letters );
179 }
180
181 my $new_biblionumber = $query->param('biblionumber_for_new_subscription');
182 if (defined $new_biblionumber) {
183 my $bib = GetBiblioData($new_biblionumber);
184 if (defined $bib) {
185 $template->param(bibnum => $new_biblionumber);
186 $template->param(bibliotitle => $bib->{title});
187 }
188 }
189
190 $template->param((uc(C4::Context->preference("marcflavour"))) => 1);
191
192 my @frequencies = GetSubscriptionFrequencies;
193 my @frqloop;
194 foreach my $freq (@frequencies) {
195 my $selected = 0;
196 $selected = 1 if ($subs->{periodicity} and $freq->{id} eq $subs->{periodicity});
197 my $row = {
198 id => $freq->{'id'},
199 selected => $selected,
200 label => $freq->{'description'},
201 };
202 push @frqloop, $row;
203 }
204 $template->param(frequencies => \@frqloop);
205
206 my @numpatterns = GetSubscriptionNumberpatterns;
207 my @numberpatternloop;
208 foreach my $numpattern (@numpatterns) {
209 my $selected = 0;
210 $selected = 1 if($subs->{numberpattern} and $numpattern->{id} eq $subs->{numberpattern});
211 my $row = {
212 id => $numpattern->{'id'},
213 selected => $selected,
214 label => $numpattern->{'label'},
215 };
216 push @numberpatternloop, $row;
217 }
218 $template->param(numberpatterns => \@numberpatternloop);
219
220 my $languages = [ map {
221 {
222 language => $_->{iso639_2_code},
223 description => $_->{language_description} || $_->{language}
224 }
225 } @{ C4::Languages::getAllLanguages() } ];
226
227 $template->param( locales => $languages );
228
229 output_html_with_http_headers $query, $cookie, $template->output;
230 }
231
232 sub get_letter_loop {
233 my ($selected_lettercode) = @_;
234 $selected_lettercode //= '';
235 my $letters = GetLetters({ module => 'serial' });
236 return [
237 map {
238 {
239 value => $_->{code},
240 lettername => $_->{name},
241 ( $_->{code} eq $selected_lettercode ? ( selected => 1 ) : () ),
242 }
243 } @$letters
244 ];
245 }
246
247 sub _get_sub_length {
248 my ($type, $length) = @_;
249 return
250 (
251 $type eq 'issues' ? $length : 0,
252 $type eq 'weeks' ? $length : 0,
253 $type eq 'months' ? $length : 0,
254 );
255 }
256
257 sub _guess_enddate {
258 my ($startdate_iso, $frequencyid, $numberlength, $weeklength, $monthlength) = @_;
259 my ($year, $month, $day);
260 my $enddate;
261 if($numberlength != 0) {
262 my $frequency = GetSubscriptionFrequency($frequencyid);
263 if($frequency->{'unit'} eq 'day') {
264 ($year, $month, $day) = Add_Delta_Days(split(/-/, $startdate_iso), $numberlength * $frequency->{'unitsperissue'} / $frequency->{'issuesperunit'});
265 } elsif($frequency->{'unit'} eq 'week') {
266 ($year, $month, $day) = Add_Delta_Days(split(/-/, $startdate_iso), $numberlength * 7 * $frequency->{'unitsperissue'} / $frequency->{'issuesperunit'});
267 } elsif($frequency->{'unit'} eq 'month') {
268 ($year, $month, $day) = Add_Delta_YM(split(/-/, $startdate_iso), 0, $numberlength * $frequency->{'unitsperissue'} / $frequency->{'issuesperunit'});
269 } elsif($frequency->{'unit'} eq 'year') {
270 ($year, $month, $day) = Add_Delta_YM(split(/-/, $startdate_iso), $numberlength * $frequency->{'unitsperissue'} / $frequency->{'issuesperunit'}, 0);
271 }
272 } elsif($weeklength != 0) {
273 ($year, $month, $day) = Add_Delta_Days(split(/-/, $startdate_iso), $weeklength * 7);
274 } elsif($monthlength != 0) {
275 ($year, $month, $day) = Add_Delta_YM(split(/-/, $startdate_iso), 0, $monthlength);
276 }
277 if(defined $year) {
278 $enddate = sprintf("%04d-%02d-%02d", $year, $month, $day);
279 } else {
280 undef $enddate;
281 }
282 return $enddate;
283 }
284
285 sub redirect_add_subscription {
286 my $auser = $query->param('user');
287 my $branchcode = $query->param('branchcode');
288 my $aqbooksellerid = $query->param('aqbooksellerid');
289 my $cost = $query->param('cost');
290 my $aqbudgetid = $query->param('aqbudgetid');
291 my $periodicity = $query->param('frequency');
292 my @irregularity = $query->multi_param('irregularity');
293 my $numberpattern = $query->param('numbering_pattern');
294 my $locale = $query->param('locale');
295 my $graceperiod = $query->param('graceperiod') || 0;
296
297 my $subtype = $query->param('subtype');
298 my $sublength = $query->param('sublength');
299 my ( $numberlength, $weeklength, $monthlength )
300 = _get_sub_length( $subtype, $sublength );
301 my $add1 = $query->param('add1');
302 my $lastvalue1 = $query->param('lastvalue1');
303 my $innerloop1 = $query->param('innerloop1');
304 my $innerloop2 = $query->param('innerloop2');
305 my $lastvalue2 = $query->param('lastvalue2');
306 my $lastvalue3 = $query->param('lastvalue3');
307 my $innerloop3 = $query->param('innerloop3');
308 my $status = 1;
309 my $biblionumber = $query->param('biblionumber');
310 my $callnumber = $query->param('callnumber');
311 my $notes = $query->param('notes');
312 my $internalnotes = $query->param('internalnotes');
313 my $letter = $query->param('letter');
314 my $manualhistory = $query->param('manualhist') ? 1 : 0;
315 my $serialsadditems = $query->param('serialsadditems');
316 my $staffdisplaycount = $query->param('staffdisplaycount');
317 my $opacdisplaycount = $query->param('opacdisplaycount');
318 my $location = $query->param('location');
319 my $itemtype = $query->param('itemtype');
320 my $previousitemtype = $query->param('previousitemtype');
321 my $skip_serialseq = $query->param('skip_serialseq');
322
323 my $startdate = output_pref( { str => scalar $query->param('startdate'), dateonly => 1, dateformat => 'iso' } );
324 my $enddate = output_pref( { str => scalar $query->param('enddate'), dateonly => 1, dateformat => 'iso' } );
325 my $firstacquidate = output_pref( { str => scalar $query->param('firstacquidate'), dateonly => 1, dateformat => 'iso' } );
326
327 if(!defined $enddate || $enddate eq '') {
328 if($subtype eq "issues") {
329 $enddate = _guess_enddate($firstacquidate, $periodicity, $numberlength, $weeklength, $monthlength)
330 } else {
331 $enddate = _guess_enddate($startdate, $periodicity, $numberlength, $weeklength, $monthlength)
332 }
333 }
334
335 my $subscriptionid = NewSubscription(
336 $auser, $branchcode, $aqbooksellerid, $cost, $aqbudgetid, $biblionumber,
337 $startdate, $periodicity, $numberlength, $weeklength,
338 $monthlength, $lastvalue1, $innerloop1, $lastvalue2, $innerloop2,
339 $lastvalue3, $innerloop3, $status, $notes, $letter, $firstacquidate,
340 join(";",@irregularity), $numberpattern, $locale, $callnumber,
341 $manualhistory, $internalnotes, $serialsadditems,
342 $staffdisplaycount, $opacdisplaycount, $graceperiod, $location, $enddate,
343 $skip_serialseq
344 );
345
346 my $additional_fields = Koha::AdditionalField->all( { tablename => 'subscription' } );
347 insert_additional_fields( $additional_fields, $biblionumber, $subscriptionid );
348
349 print $query->redirect("/cgi-bin/koha/serials/subscription-detail.pl?subscriptionid=$subscriptionid");
350 return;
351 }
352
353 sub redirect_mod_subscription {
354 my $subscriptionid = $query->param('subscriptionid');
355 my @irregularity = $query->multi_param('irregularity');
356 my $auser = $query->param('user');
357 my $librarian => scalar $query->param('librarian'),
358 my $branchcode = $query->param('branchcode');
359 my $cost = $query->param('cost');
360 my $aqbooksellerid = $query->param('aqbooksellerid');
361 my $biblionumber = $query->param('biblionumber');
362 my $aqbudgetid = $query->param('aqbudgetid');
363
364 my $startdate = output_pref( { str => scalar $query->param('startdate'), dateonly => 1, dateformat => 'iso' } );
365 my $enddate = output_pref( { str => scalar $query->param('enddate'), dateonly => 1, dateformat => 'iso' } );
366 my $firstacquidate = output_pref( { str => scalar $query->param('firstacquidate'), dateonly => 1, dateformat => 'iso' } );
367
368 my $nextacquidate = $query->param('nextacquidate');
369 $nextacquidate = $nextacquidate
370 ? output_pref( { str => $nextacquidate, dateonly => 1, dateformat => 'iso' } )
371 : $firstacquidate;
372
373 my $periodicity = $query->param('frequency');
374
375 my $subtype = $query->param('subtype');
376 my $sublength = $query->param('sublength');
377 my ($numberlength, $weeklength, $monthlength)
378 = _get_sub_length( $subtype, $sublength );
379 my $numberpattern = $query->param('numbering_pattern');
380 my $locale = $query->param('locale');
381 my $lastvalue1 = $query->param('lastvalue1');
382 my $innerloop1 = $query->param('innerloop1');
383 my $lastvalue2 = $query->param('lastvalue2');
384 my $innerloop2 = $query->param('innerloop2');
385 my $lastvalue3 = $query->param('lastvalue3');
386 my $innerloop3 = $query->param('innerloop3');
387 my $status = 1;
388 my $callnumber = $query->param('callnumber');
389 my $notes = $query->param('notes');
390 my $internalnotes = $query->param('internalnotes');
391 my $letter = $query->param('letter');
392 my $manualhistory = $query->param('manualhist') ? 1 : 0;
393 my $serialsadditems = $query->param('serialsadditems');
394 my $staffdisplaycount = $query->param('staffdisplaycount');
395 my $opacdisplaycount = $query->param('opacdisplaycount');
396 my $graceperiod = $query->param('graceperiod') || 0;
397 my $location = $query->param('location');
398 my $itemtype = $query->param('itemtype');
399 my $previousitemtype = $query->param('previousitemtype');
400 my $skip_serialseq = $query->param('skip_serialseq');
401
402 # Guess end date
403 if(!defined $enddate || $enddate eq '') {
404 if($subtype eq "issues") {
405 $enddate = _guess_enddate($nextacquidate, $periodicity, $numberlength, $weeklength, $monthlength);
406 } else {
407 $enddate = _guess_enddate($startdate, $periodicity, $numberlength, $weeklength, $monthlength);
408 }
409 }
410
411 my $nextexpected = GetNextExpected($subscriptionid);
412 # If it's a mod, we need to check the current 'expected' issue, and mod it in the serials table if necessary.
413 if ( $nextexpected->{planneddate} && $nextacquidate ne $nextexpected->{planneddate} ) {
414 ModNextExpected($subscriptionid, $nextacquidate);
415 # if we have not received any issues yet, then we also must change the firstacquidate for the subs.
416 $firstissuedate = $nextacquidate if($nextexpected->{isfirstissue});
417 }
418
419 ModSubscription(
420 $auser, $branchcode, $aqbooksellerid, $cost, $aqbudgetid, $startdate,
421 $periodicity, $firstacquidate, join(";",@irregularity),
422 $numberpattern, $locale, $numberlength, $weeklength, $monthlength, $lastvalue1,
423 $innerloop1, $lastvalue2, $innerloop2, $lastvalue3, $innerloop3,
424 $status, $biblionumber, $callnumber, $notes, $letter,
425 $manualhistory, $internalnotes, $serialsadditems, $staffdisplaycount,
426 $opacdisplaycount, $graceperiod, $location, $enddate, $subscriptionid,
427 $skip_serialseq, $itemtype, $previousitemtype
428 );
429
430 my $additional_fields = Koha::AdditionalField->all( { tablename => 'subscription' } );
431 insert_additional_fields( $additional_fields, $biblionumber, $subscriptionid );
432
433 print $query->redirect("/cgi-bin/koha/serials/subscription-detail.pl?subscriptionid=$subscriptionid");
434 return;
435 }
436
437 sub insert_additional_fields {
438 my ( $additional_fields, $biblionumber, $subscriptionid ) = @_;
439 my $record = GetMarcBiblio( $biblionumber, 1 );
440 for my $field ( @$additional_fields ) {
441 my $af = Koha::AdditionalField->new({ id => $field->{id} })->fetch;
442 if ( $af->{marcfield} ) {
443 my ( $field, $subfield ) = split /\$/, $af->{marcfield};
444 $af->{values} = undef;
445 if ( $field and $subfield ) {
446 my $value = $record->subfield( $field, $subfield );
447 $af->{values} = {
448 $subscriptionid => $value
449 };
450 }
451 } else {
452 $af->{values} = {
453 $subscriptionid => scalar $query->param('additional_field_' . $field->{id})
454 } if defined $query->param('additional_field_' . $field->{id});
455 }
456 $af->insert_values;
457 }
458 }
Koha ILS