TPAC bookbag CGI param changed to bbid
authorBill Erickson <berick@esilibrary.com>
Fri, 25 May 2012 18:41:18 +0000 (14:41 -0400)
committerLebbeous Fogle-Weekley <lebbeous@esilibrary.com>
Fri, 1 Jun 2012 19:06:05 +0000 (15:06 -0400)
To avoid propagating a generic URL parameter like 'id', which can be
picked up by other pages and cause breakage, use 'bbid' instead.  Also,
clear the 'bbid' param from the my-account tabs.

While we're in there, silence an uninitialized string warning.

Signed-off-by: Bill Erickson <berick@esilibrary.com>
Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Account.pm
Open-ILS/src/templates/opac/myopac/lists.tt2
Open-ILS/src/templates/opac/parts/myopac/base.tt2

index 85fee15..7399f34 100644 (file)
@@ -1649,22 +1649,22 @@ sub load_myopac_bookbags {
     # If the user wants a specific bookbag's items, load them.
     # XXX add bookbag item paging support
 
-    if ($self->cgi->param("id")) {
+    if ($self->cgi->param("bbid")) {
         my ($bookbag) =
-            grep { $_->id eq $self->cgi->param("id") } @{$ctx->{bookbags}};
+            grep { $_->id eq $self->cgi->param("bbid") } @{$ctx->{bookbags}};
 
         if (!$bookbag) {
             $e->rollback;
             return Apache2::Const::HTTP_INTERNAL_SERVER_ERROR;
         }
 
-        if ($self->cgi->param("action") eq "editmeta") {
+        if ( ($self->cgi->param("action") || '') eq "editmeta") {
             if (!$self->_update_bookbag_metadata($bookbag))  {
                 $e->rollback;
                 return Apache2::Const::HTTP_INTERNAL_SERVER_ERROR;
             } else {
                 $e->commit;
-                my $url = $self->ctx->{opac_root} . '/myopac/lists?id=' .
+                my $url = $self->ctx->{opac_root} . '/myopac/lists?bbid=' .
                     $bookbag->id;
 
                 foreach my $param (('loc', 'qtype', 'query', 'sort')) {
@@ -1821,7 +1821,7 @@ sub load_myopac_bookbag_update {
         }
     } elsif ($action eq 'save_notes') {
         $success = $self->update_bookbag_item_notes;
-        $url .= "&id=" . uri_escape($cgi->param("id")) if $cgi->param("id");
+        $url .= "&bbid=" . uri_escape($cgi->param("bbid")) if $cgi->param("bbid");
     }
 
     return $self->generic_redirect($url) if $success;
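Review bot: In the save_notes branch of the second hunk, `uri_escape($cgi->param("bbid"))` calls `param` in list context, so a request that repeats `bbid` hands every value to `uri_escape` as separate arguments. If this is URI::Escape, the second argument is taken as the set of characters to escape, which puts request data where a fixed pattern is expected. Force a single value with `$url .= "&bbid=" . uri_escape(scalar $cgi->param("bbid")) if $cgi->param("bbid");`. In the first hunk, a `bbid` that matches none of the entries in `$ctx->{bookbags}` returns HTTP_INTERNAL_SERVER_ERROR, so a bad or stale link is logged as a server fault; a client-error status would be easier to triage. Both functions start and end outside the hunks shown.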
index c9ee720..9bdbc08 100644 (file)
         <div class="bookbag-controls-holder">
             <div class="bookbag-controls most">
                 [% baseurl = ctx.opac_root _ '/myopac/lists';
-                IF bbag.id != CGI.param("id");
-                    url = mkurl(baseurl,{id => bbag.id},['edit_notes','sort']);
+                IF bbag.id != CGI.param("bbid");
+                    url = mkurl(baseurl,{bbid => bbag.id},['edit_notes','sort']);
                     ltitle = l("Show items in list");
                 ELSE;
-                    url = mkurl(baseurl, {}, ['id', 'edit_notes', 'sort']);
+                    url = mkurl(baseurl, {}, ['bbid', 'edit_notes', 'sort']);
                     ltitle = l("Hide items in list");
                 END %]
                 <h2 class="bookbag-name"><a title="[% ltitle %]" href="[% url %]">[% bbag.name | html %]</a></h2>
             </div>
             <div class="clear-both pad-bottom-five"></div>
         </div>
-        [% IF CGI.param("id") == bbag.id %]
+        [% IF CGI.param("bbid") == bbag.id %]
         <div class="bookbag-specific">
             <div class="sort">
                 <form method="GET">
                     [% INCLUDE "opac/parts/filtersort.tt2"
                         value=CGI.param('sort') mode='bookbag' %]
                     <input type="hidden" name="id"
-                        value="[% CGI.param('id') | html %]" />
+                        value="[% CGI.param('bbid') | html %]" />
                     <input type="submit" value="[% l('Sort') %]" />
                 </form>
             </div>
                         <input type="checkbox" name="selected_item" value="[% item.id %]" bbag='[% bbag.id %]'/>
                     </td>
                     <td class="list_entry">
-                        <a href="[% mkurl(ctx.opac_root _ '/record/' _ rec_id, {}, ['edit_notes', 'id']) %]">[% attrs.title | html %]</a>
+                        <a href="[% mkurl(ctx.opac_root _ '/record/' _ rec_id, {}, ['edit_notes', 'bbid']) %]">[% attrs.title | html %]</a>
                     </td>
                     <td class="list_entry">
                         <a href="[%- 
                             authorquery = attrs.author | replace('[,\.:;]', '');
-                            mkurl(ctx.opac_root _ '/results', {qtype => 'author', query => authorquery}, ['page', 'id', 'edit_notes'])
+                            mkurl(ctx.opac_root _ '/results', {qtype => 'author', query => authorquery}, ['page', 'bbid', 'edit_notes'])
                             -%]">[% attrs.author | html %]</a>
                     [% IF CGI.param("edit_notes") == bbag.id %]
                     <td class="list_entry">
                     <td colspan="3"><!-- All space left of notes column --></td>
                     <td class="save-notes">
                         [%- INCLUDE "opac/parts/preserve_params.tt2"; %]
-                        <input type="hidden" name="id" value="[% CGI.param('id') | html %]" />
+                        <input type="hidden" name="id" value="[% CGI.param('bbid') | html %]" />
                         <input type="submit" name="save_notes" value="[% l('Save Notes') %]" />
                     </td>
                 </tr>
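Review bot: Both hidden inputs still submit under the old name: `<input type="hidden" name="id"` in the sort form and in the save-notes row now carries the `bbid` value but keeps `name="id"`, while the Account.pm hunks in this commit read only `param("bbid")`. Submitting the sort form would therefore appear to drop the selected list and put the generic `id` parameter back into the URL, which is what the commit sets out to avoid. Change both to `name="bbid"`, e.g. `<input type="hidden" name="bbid" value="[% CGI.param('bbid') | html %]" />`. Whether preserve_params.tt2 already carries `bbid` for the save-notes form is not visible here, so that case should be checked.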
index 9c11f13..763e65b 100644 (file)
@@ -23,7 +23,7 @@
                     ELSE;
                         cls_which = "acct-tab-off";
                     END -%]
-                <a href="[% mkurl(ctx.opac_root _ '/myopac/' _ page.url) %]"
+                <a href="[% mkurl(ctx.opac_root _ '/myopac/' _ page.url, {}, ['bbid']) %]"
                     class="[% cls_which %]">[% page.name; %]</a>
                 [% END %]
             </div>
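Review bot: The tab link clears only `bbid`, but lists.tt2 in the same commit clears `edit_notes` and `sort` together with `bbid`, and `edit_notes` is compared against a bookbag id there. If `mkurl` carries over the current query string, as the commit message suggests, those two would still follow the user to other account tabs. Consider `mkurl(ctx.opac_root _ '/myopac/' _ page.url, {}, ['bbid', 'edit_notes', 'sort'])`, provided no other tab relies on `sort`. The enclosing loop starts outside the hunk.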