Bug 17902: Fix possible SQL injection in serials editing
[koha.git] / opac / opac-authorities-home.pl
1 #!/usr/bin/perl
2 # WARNING: 4-character tab stops here
4 # Copyright 2000-2002 Katipo Communications
6 # This file is part of Koha.
8 # Koha is free software; you can redistribute it and/or modify it
9 # under the terms of the GNU General Public License as published by
10 # the Free Software Foundation; either version 3 of the License, or
11 # (at your option) any later version.
13 # Koha is distributed in the hope that it will be useful, but
14 # WITHOUT ANY WARRANTY; without even the implied warranty of
15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 # GNU General Public License for more details.
18 # You should have received a copy of the GNU General Public License
19 # along with Koha; if not, see <http://www.gnu.org/licenses>.
21 use strict;
22 use warnings;
24 use CGI qw ( -utf8 );
25 use URI::Escape;
26 use C4::Auth;
28 use C4::Context;
29 use C4::Auth;
30 use C4::Output;
31 use C4::AuthoritiesMarc;
32 use C4::Koha;
33 use C4::Search::History;
35 use Koha::Authority::Types;
36 use Koha::SearchEngine::Search;
37 use Koha::SearchEngine::QueryBuilder;
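# Request parameters. This script also serves unauthenticated OPAC users, so
# every value read from $query must be treated as untrusted input.
my $query        = CGI->new;
my $op           = $query->param('op') || '';
my $authtypecode = $query->param('authtypecode') || '';
my $dbh          = C4::Context->dbh;

# Paging values feed multiplication and a division further down, and
# $resultsperpage is echoed into the pagination URL. Accept only positive
# integers of at most nine digits (keeps the arithmetic exact) and fall back
# to the defaults otherwise, so a non-numeric value can no longer cause a
# division by zero or a negative offset.
my $startfrom = $query->param('startfrom');
$startfrom =
  ( defined $startfrom && $startfrom =~ /\A[0-9]{1,9}\z/ && $startfrom > 0 )
  ? int($startfrom)
  : 1;
my $resultsperpage = $query->param('resultsperpage');
$resultsperpage =
  ( defined $resultsperpage && $resultsperpage =~ /\A[0-9]{1,9}\z/ && $resultsperpage > 0 )
  ? int($resultsperpage)
  : 20;
# NOTE(review): there is still no site-defined ceiling on $resultsperpage; an
# anonymous client can ask for a very large page. Consider clamping it to a
# configured maximum.
my $authid = $query->param('authid');
my ( $template, $loggedinuser, $cookie );

# All authority types ordered by their label; also used to resolve
# $authtypecode to its display text.
my $authority_types = Koha::Authority::Types->search( {}, { order_by => ['authtypetext'] } );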
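if ( $op eq "do_search" ) {
    # Search criteria, all taken directly from the request.
    my @marclist  = $query->multi_param('marclist');
    my @and_or    = $query->multi_param('and_or');
    my @excluding = $query->multi_param('excluding');
    my @operator  = $query->multi_param('operator');
    my $orderby   = $query->param('orderby');
    my @value     = $query->multi_param('value');
    $value[0] ||= q||;

    my @tags;
    my $builder = Koha::SearchEngine::QueryBuilder->new(
        { index => $Koha::SearchEngine::AUTHORITIES_INDEX } );
    my $searcher = Koha::SearchEngine::Search->new(
        { index => $Koha::SearchEngine::AUTHORITIES_INDEX } );

    # NOTE(review): the raw request values are handed to the query builder as
    # they are; whether it validates them is not visible here - confirm.
    my $search_query = $builder->build_authorities_query_compat( \@marclist, \@and_or,
        \@excluding, \@operator, \@value, $authtypecode, $orderby );
    my $offset = ( $startfrom - 1 ) * $resultsperpage + 1;
    my ( $results, $total ) =
      $searcher->search_auth_compat( $search_query, $offset, $resultsperpage );

    ( $template, $loggedinuser, $cookie ) = get_template_and_user(
        {
            template_name   => "opac-authoritiessearchresultlist.tt",
            query           => $query,
            type            => 'opac',
            authnotrequired => 1,
            debug           => 1,
        }
    );

    # Pagination.
    # Every request value placed in the pagination URL is percent-encoded, so
    # it cannot add query parameters or break out of the markup the URL is
    # embedded in. Previously only value[0] was encoded.
    # NOTE(review): uri_escape_utf8 leaves the single quote unescaped; this
    # assumes pagination_bar puts the URL in a double-quoted attribute - confirm.
    my $escape_param = sub {
        my ($raw) = @_;
        return defined $raw ? uri_escape_utf8($raw) : '';
    };
    my $value_url = uri_escape_utf8( $value[0] );
    my $base_url  = "opac-authorities-home.pl?"
      . "marclist=" . $escape_param->( $marclist[0] )
      . "&amp;and_or=" . $escape_param->( $and_or[0] )
      . "&amp;excluding=" . $escape_param->( $excluding[0] )
      . "&amp;operator=" . $escape_param->( $operator[0] )
      . "&amp;value=$value_url"
      . "&amp;resultsperpage=" . $escape_param->($resultsperpage)
      . "&amp;type=opac"
      . "&amp;op=do_search"
      . "&amp;authtypecode=" . $escape_param->($authtypecode)
      . "&amp;orderby=" . $escape_param->($orderby);

    # 1-based positions of the first and last record shown on this page.
    my $from = ( $startfrom - 1 ) * $resultsperpage + 1;
    my $to;
    if ( !defined $total ) {
        $total = 0;
    }

    if ( $total < $startfrom * $resultsperpage ) {
        $to = $total;
    }
    else {
        $to = $startfrom * $resultsperpage;
    }

    $template->param( result => $results ) if $results;

    $template->param(
        pagination_bar => pagination_bar(
            $base_url, int( $total / $resultsperpage ) + 1,
            $startfrom, 'startfrom'
        ),
        total => $total,
        from  => $from,
        to    => $to,
    );

    unless ( C4::Context->preference('OPACShowUnusedAuthorities') ) {
        # TODO implement usage counts
        # my @usedauths = grep { $_->{used} > 0 } @$results;
        # $results = \@usedauths;
    }

    # Opac search history
    if ( C4::Context->preference('EnableOpacSearchHistory') ) {
        # NOTE(review): $startfrom is defaulted to 1 where it is read from the
        # request, so this condition looks like it can never be true and the
        # history is never recorded - confirm the intended condition.
        unless ($startfrom) {
            my $path_info         = $query->url( -path_info => 1 );
            my $query_cgi_history = $query->url( -query     => 1 );

            # \Q...\E: the URL is data, not a pattern. Unquoted, characters
            # such as '.', '+' or '(' in it would be read as regex syntax.
            $query_cgi_history =~ s/^\Q$path_info\E\?//;
            $query_cgi_history =~ s/;/&/g;

            unless ($loggedinuser) {
                my $new_search = C4::Search::History::add_to_session(
                    {
                        cgi        => $query,
                        query_desc => $value[0],
                        query_cgi  => $query_cgi_history,
                        total      => $total,
                        type       => "authority",
                    }
                );
            }
            else {
                # The user is logged in: store the search against the account.
                C4::Search::History::add(
                    {
                        userid => $loggedinuser,

                        # scalar(): CGI's cookie() can return several values
                        # in list context, which inside a hash constructor
                        # would shift or inject the keys that follow.
                        sessionid  => scalar $query->cookie("CGISESSID"),
                        query_desc => $value[0],
                        query_cgi  => $query_cgi_history,
                        total      => $total,
                        type       => "authority",
                    }
                );
            }
        }
    }

    # An unknown authtypecode makes find() return nothing, and the search may
    # return no result list; neither should abort the page with a
    # method-call-on-undef or dereference error.
    my $authority_type = $authority_types->find($authtypecode);

    $template->param( orderby => $orderby );
    $template->param(
        startfrom      => $startfrom,
        resultsperpage => $resultsperpage,
        countfuzzy     => !( C4::Context->preference('OPACShowUnusedAuthorities') ),
        resultcount    => ( $results ? scalar @$results : 0 ),
        authtypecode   => $authtypecode,
        authtypetext   => ( $authority_type ? $authority_type->authtypetext : '' ),
        isEDITORS      => $authtypecode eq 'EDITORS',
    );

}
else {
    # No search requested: show the authority search form. Anonymous access
    # is allowed only when the OpacPublic preference is set.
    ( $template, $loggedinuser, $cookie ) = get_template_and_user(
        {
            template_name   => "opac-authorities-home.tt",
            query           => $query,
            type            => 'opac',
            authnotrequired => ( C4::Context->preference("OpacPublic") ? 1 : 0 ),
            debug           => 1,
        }
    );

}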
# A template has been selected by this point, whichever branch ran; give it
# the values both pages use.
$template->param( authority_types => $authority_types, authtypecode => $authtypecode );

# Render the template and send it with the HTTP headers and the cookie
# returned by get_template_and_user.
output_html_with_http_headers( $query, $cookie, $template->output );
188 # Local Variables:
189 # tab-width: 4
190 # End: