LP#1822630: further sanitizing of CGI params when embedded in HTML
[working/Evergreen.git] / Open-ILS / src / templates / opac / parts / result / adv_filter.tt2
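[%-
# Renders one "active filter" group per entry in ctx.query_struct.filters on
# the advanced-search results page, each followed by a "remove" link whose
# href is built by mkurl().
#
# Output encoding: every dynamic value placed in element content or in a
# double-quoted attribute goes through the html filter, which escapes
# & < > and the double quote.
# NOTE(review): href values are emitted exactly as mkurl() returns them; this
# template assumes mkurl() already encodes its result for attribute use --
# confirm against its definition.

pubdate_filters = ['date1', 'before', 'after', 'between'];

FOR filter IN ctx.query_struct.filters;
    fname = filter.name;
    fvalues = filter.args;
    crad = ctx.get_crad(fname);

    # will be some special ones, like locations
    # filter.name is interpolated into the grep pattern as-is; the anchors
    # make it a whole-name match against the pubdate filter list.
    IF crad AND NOT pubdate_filters.grep('^' _ filter.name _ '$').size;
        remove_filter = 'fi:' _ fname;
-%]
         <div class="adv_filter_results_group_wrapper">
           <div class="adv_filter_results_group">
           <div class="adv_filter_results_group_header"> <h4 class="title">[% IF filter.negate; l('Not'); END %] [% (crad.description || crad.label) | html %]</h4></div>
           <div class="adv_filter_results_group_values"> [% temp = [];
               # Collect a display label for each filter value; values with no
               # matching ccvm row (or no label) are skipped.
               FOR fval IN fvalues;
                thing = ctx.search_ccvm('ctype',fname,'code',fval).0;
                display_value = thing.search_label || thing.value;
                IF display_value.defined;
                 temp.push(display_value);
                END;
               END;
               FOR display_value IN temp.sort;
            %]
                 <span class="adv_search_result_filter">
                    [% display_value | html %]
                 </span>
                 [% UNLESS loop.last %]
                  <span class="adv_search_result_filter"> [% l('OR') %] </span>
                 [% END %]
            [% END; # FOR
               # The remove link's title/aria-label embed crad.description or
               # crad.label, the same value that is escaped in the header
               # above, so they are escaped here too. aria-label previously
               # lacked its opening quote.
            %]
             </div>
              <a class="button remove_filter"
              title="[% l('Remove [_1] filter', (crad.description || crad.label)) | html %]"
              aria-label="[% l('Remove [_1] filter', (crad.description || crad.label)) | html %]"
              href="[% mkurl('', {}, [remove_filter]) %]" rel="nofollow" vocab="">&times; </a>

            </div>
           </div>
    [%- END; # IF crad -%]

[%-  IF filter.name == 'locations'; locs = ctx.search_acpl('id',filter.args) -%]
    <div class="adv_filter_results_group_wrapper">
      <div class="adv_filter_results_group">
            <h4 class="title">[% IF filter.negate; l('Not'); END %] [% l('Locations') %]</h4>
            [% temp = [];
               FOR loc IN locs;
                temp.push(loc.name);
               END;
               FOR display_name IN temp.sort; %]
                  <span class="adv_search_result_filter">
                    [% display_name | html %]
                  </span>
            [% END; # FOR %]
            <a class="button remove_filter"
              title="[% l('Remove location filter') %]"
              href="[% mkurl('', {}, ['fi:locations']) %]" rel="nofollow" vocab=""> &times;</a>
      </div>
    </div>
[%- END; # IF locations -%]

[%- IF pubdate_filters.grep('^' _ filter.name _ '$').size;
    # date1/date2 are read straight from the request's CGI parameters and are
    # HTML-escaped here, before being interpolated into the l() strings that
    # are written into the page below.
    date1 = CGI.param('date1') | html;
    date2 = CGI.param('date2') | html;
-%]
    <div class="adv_filter_results_group_wrapper">
      <div class="adv_filter_results_group">
            <h4 class="title">[% IF filter.negate; l('Not'); END %] [% l('Publication Year') %]</h4>
              <span class="adv_search_result_filter">
              [% IF    filter.name == 'date1'      %][% l('[_1]', date1) %]
              [% ELSIF filter.name == 'before'  %][% l('Before [_1]', date1) %]
              [% ELSIF filter.name == 'after'   %][% l('After [_1]', date1) %]
              [% ELSIF filter.name == 'between' %][% l('Between [_1] and [_2]', date1, date2) %]
              [% END %]
              </span>
              <a class="button remove_filter"
              title="[% l('Remove publication date filter') %]"
              href="[% mkurl('', {}, ['pubdate', 'date1', 'date2']) %]" rel="nofollow" vocab="">&times; </a>
      </div>
    </div>

[%- END; # IF pubdate_filters -%]
[%- END; # FOR -%]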