-my $savedreview = getreview( $biblionumber, $borrowernumber );
-if ( $type eq 'save' ) {
- savereview( $biblionumber, $borrowernumber, $review );
+my $biblio = GetBiblioData($biblionumber);
+my $savedreview = getreview($biblionumber,$borrowernumber);
+my ($clean, @errors);
+if (defined $review) {
+ if ($review !~ /\S/) {
+ push @errors, {empty=>1};
+ } else {
+ $clean = C4::Scrubber->new('comment')->scrub($review);
+ if ($clean !~ /\S/) {
+ push @errors, {scrubbed_all=>1};
+ } else {
+ if ($clean ne $review) {
+ push @errors, {scrubbed=>$clean};
+ }
+ my $js_ok_review = $clean;
+ $js_ok_review =~ s/"/"/g; # probably redundant w/ TMPL ESCAPE=JS
+ $template->param(clean_review=>$js_ok_review);
+ if ($savedreview) {
+ updatereview($biblionumber, $borrowernumber, $clean);
+ } else {
+ savereview($biblionumber, $borrowernumber, $clean);
+ }
+ unless (@errors){ $template->param(WINDOW_CLOSE=>1); }
+ }
+ }
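Review bot: The database write in `updatereview`/`savereview` now runs whenever `review` is defined, because the removed `if ( $type eq 'save' )` gate has no counterpart on the new side. Nothing visible in the hunk checks the request method or an anti-forgery token before the row is changed, so confirm that this is enforced elsewhere, or keep the gate, e.g. `if (defined $review && $type eq 'save') {` if `$type` is still read from the request. Separately, `$js_ok_review =~ s/"/"/g;` as shown replaces a double quote with itself and changes nothing (an entity may have been lost in rendering). `clean_review` is therefore only safe inside a script string if the template applies its JS escape, since the 'comment' scrubber presumably sanitises HTML markup rather than JavaScript string syntax; either drop the substitution and pass the value directly with `$template->param(clean_review=>$clean);`, or replace the "probably redundant" comment with one stating that the template escape is required. The `if (defined $review)` block opened in this hunk is closed outside it.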