LP#1822630: further sanitizing of CGI params when embedded in HTML
[working/Evergreen.git] / Open-ILS / src / templates / opac / parts / place_hold_result.tt2
1 [%  PROCESS "opac/parts/misc_util.tt2";
2     PROCESS "opac/parts/hold_error_messages.tt2";
3     override_possible = 0;
4     any_failures = 0;
5 %]
6
7 <!-- TODO: CSS for big/strong-->
8
9 <script>
10 function disable_submit() {
11    var submit_element = document.getElementById("place_hold_submit");
12    submit_element.disabled = true;
13    return true;
14 };
15 </script>
16
17 <div id='holds_box' class='canvas' style='margin-top: 6px;'>
18     <h1>[% l('Place Hold') %]</h1>
19
20     <form method="post" onsubmit="return disable_submit();">
21         <input type="hidden" name="override" value="1" />
22         [% FOR k IN ctx.orig_params.keys %]
23         <input type="hidden" name="[% k %]" value="[% ctx.orig_params.$k | html %]" />
24         [% END %]
25
26         <table id='hold-items-list'>
27
28         [% FOR hdata IN ctx.hold_data;
29             attrs = {marc_xml => hdata.marc_xml};
30             PROCESS get_marc_attrs args=attrs %]
31             <tr>
32                 <td>
33                     [% 
34                         override = 0;
35                         IF hdata.could_override || hdata.hold_local_alert;
36                             override_possible = 1;
37                             override = 1;
38                         END;
39                     %]
40                     <input 
41                         type="checkbox" name="hold_target" value="[% hdata.target.id | html %]"
42                         [% IF override %] checked='checked' [% ELSE %] disabled='disabled' [% END %]/>
43                 </td>
44                 <td>
45                     [%
46                         title = attrs.title_extended;
47                         IF hdata.selected_part AND hdata.parts AND hdata.parts.size > 0;
48                             FOREACH part IN hdata.parts;
49                                 IF hdata.selected_part == part.id;
50                                     title = l('[_1] ([_2])', title, part.label);
51                                 END;
52                             END;
53                         END;
54                     %]
55                         
56                     <div class='hold-items-list-title'>[% title | html %]</div>
57                     [% IF hdata.parts %]
58                         <input type='hidden' name='part' value='[% hdata.selected_part || '' %]'/>
59                     [% END %]
60                     <div>
61                         [% IF hdata.hold_success %]
62
63                         <div class='success'>[% l("Hold was successfully placed"); %]</div>
64
65                         [% IF hdata.frozen %]
66                         <div>
67                         [% l("Hold is suspended") %]
68                         [% IF hdata.thaw_date %]
69                         <br/>
70                         [% l("Reactivate on [_1]", date.format(ctx.parse_datetime(hdata.thaw_date), DATE_FORMAT));
71                            END %]
72                         </div>
73                         [% END %]
74
75                         [% IF ctx.is_staff %]
76                             <script>
77                                 window.addEventListener(
78                                     'load',
79                                     function() {
80                                         setTimeout( // we want this to run _after_ other onload handlers (such as from eframe.js)
81                                             function() {
82                                                 try {
83                                                     if (typeof xulG != 'undefined' && xulG.opac_hold_placed) {
84                                                         xulG.opac_hold_placed([% hdata.hold_success %]);
85                                                     }
86                                                 } catch(E) {
87                                                     alert('Error updating Work Log with hold placement: ' + E);
88                                                 }
89                                             }, 0
90                                         );
91                                     },
92                                     false
93                                 );
94                             </script>
95                         [% END %]
96                         
97                         [% ELSIF hdata.hold_failed; any_failures = 1 %]
98
99                             <div><big><strong>[% l("Hold was not successfully placed"); %]</strong></big></div>
100                             [% IF hdata.hold_local_block %]
101                                 <div>[% l("There is already a copy available at your local library.") %]</div>
102                             [% ELSIF hdata.hold_failed_event || hdata.hold_local_alert %]
103                                 <div>
104                                     <span class='hold-items-list-problem'>[% l('Problem:') %]</span>
105                                     <span title="[% hdata.hold_failed_event.textcode | html %]">
106                                         <em>[%
107                                                 fail_part_key = hdata.hold_failed_event.payload.fail_part;
108                                                 event_key = hdata.hold_failed_event.textcode;
109
110                                                 # display:
111                                                 (hdata.age_protect ?
112                                                     l("All available copies are temporarily unavailable at your pickup library. Placing this hold could result in longer wait times.") :
113                                                     EVENT_MSG_MAP.$event_key ||
114                                                     FAIL_PART_MSG_MAP.$fail_part_key ||
115                                                     (hdata.hold_failed_event.desc ? l(hdata.hold_failed_event.desc) : '') ||
116                                                     hdata.hold_failed_event.payload.fail_part ||
117                                                     hdata.hold_failed_event.textcode ||
118                                                     (hdata.hold_local_alert ?
119                                                         l("There is already a copy available at your local library.") :
120                                                         l("Unknown problem"))) | html
121                                             %]</em>
122                                             [% IF event_key == 'PERM_FAILURE' %]
123                                             <div>[% l('Permission: "[_1]"', hdata.hold_failed_event.ilsperm) | html %]</div>
124                                             [% END %]
125                                     </span>
126                                     [% IF hdata.hold_copy_available %]
127                                         <p>[%  l('Find a copy in the shelving location, "[_1]."', locname) | html %]</p>
128                                     [% END %]
129                                 </div>
130                             [% END;
131                         END %]
132                     </div>
133                 </td>
134             </tr>
135         [% END %]
136         </table>
137         [% IF override_possible %]
138             <br/>
139             <hr/>
140             <div class='big-strong'>
141                 [% |l %]You have permission to override some of the failed holds. Click Submit to override and place your hold on the selected items.[% END %]
142             </div>
143             <span style='padding-right: 10px;'>
144                 <input id="place_hold_submit" type="submit" name="submit" value="[% l('Submit') %]"
145                     title="[% l('Submit') %]" alt="[% l('Submit') %]"
146                     class="opac-button" />
147             </span>
148         [% END %]
149         <span>
150         [% IF any_failures OR ctx.general_hold_error %]
151         <a href="[% CGI.param('redirect_to') | html || CGI.referer | html %]">[% l('Cancel') %]</a>
152         [% ELSE %]
153         <div class='hold_success_links'>
154           <span><a href="[% CGI.param('redirect_to') | html || CGI.referer | html %]">[% l('Continue') %]</a></span>
155            [% IF ctx.is_staff %]
156              [% IF CGI.param('hold_type') == 'C';
157                   hold_type_label = l('copy');
158                 ELSIF CGI.param('hold_type') == 'V';
159                   hold_type_label = l('volume');
160                 ELSE;
161                   hold_type_label = l('title');
162               END %]
163                <span><a href="[% mkurl(ctx.opac_root _ '/place_hold', {hold_source_page => CGI.param('hold_source_page'), bre_id => CGI.param('bre_id')}) %]">
164                [% l('Place another hold for this ') %] [% hold_type_label %]</a>
165                </span>
166           [% END %]
167         [% END %]
168         </span>
169     </form>
170 </div>
171