# The following should only be loaded if we're bringing up the advanced search template
if ( $template_type && $template_type eq 'advsearch' ) {
-
# load the servers (used for searching -- to do federated searching, etc.)
my $primary_servers_loop;# = displayPrimaryServers();
$template->param(outer_servers_loop => $primary_servers_loop,);
my $default_sort_by =
C4::Context->preference('OPACdefaultSortField') . '_'
. C4::Context->preference('OPACdefaultSortOrder');
- $template->param( $default_sort_by => 1 );
+ $template->param( sort_by => $default_sort_by );
}
# determine what to display next to the search boxes (ie, boolean option
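Review bot: The value now passed as `sort_by` on the added line is the raw concatenation of `OPACdefaultSortField`, `_` and `OPACdefaultSortOrder`, and nothing checks that the result is a sort key the page knows. The allow-list added further down in this commit contains a bare `relevance`, so a relevance default would presumably arrive here as `relevance_<order>` and match no entry. Whether the template copes with that is not visible from the hunk. I would add a comment such as `# sort_by must be one of the keys in @allowed_sortby; relevance carries no order suffix` and normalise the relevance case before the `param` call.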
. C4::Context->preference('OPACdefaultSortOrder');
}
+my @allowed_sortby = qw /acqdate_asc acqdate_dsc author_az author_za call_number_asc call_number_dsc popularity_asc popularity_dsc pubdate_asc pubdate_dsc relevance title_az title_za/;
@sort_by = split("\0",$params->{'sort_by'}) if $params->{'sort_by'};
$sort_by[0] = $default_sort_by if !$sort_by[0] && defined($default_sort_by);
foreach my $sort (@sort_by) {
- $template->param($sort => 1); # FIXME: security hole. can set any TMPL_VAR here
+ if ( $sort ~~ @allowed_sortby ) {
+ $template->param($sort => 1);
+ }
}
$template->param('sort_by' => $sort_by[0]);
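Review bot: The allow-list only guards the flag-style `$template->param($sort => 1)` call. The line right after the loop still hands the request-supplied `$sort_by[0]` to the template as `sort_by`, and the unfiltered `@sort_by` is later passed to `buildQuery`. Filtering the array once, directly after the `split`, closes both paths: `my %is_allowed_sortby = map { $_ => 1 } @allowed_sortby;` followed by `@sort_by = grep { $is_allowed_sortby{$_} } @sort_by;`. The same hash lookup can replace `~~` in the loop, which has warned as experimental since Perl 5.18 and is deprecated in recent releases. Whether the template escapes `sort_by` on output is not visible here, so the value should be treated as untrusted until it has been checked.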
my @results;
## I. BUILD THE QUERY
-my $lang = C4::Output::getlanguagecookie($cgi);
+my $lang = C4::Templates::getlanguagecookie($cgi);
( $error,$query,$simple_query,$query_cgi,$query_desc,$limit,$limit_cgi,$limit_desc,$stopwords_removed,$query_type) = buildQuery(\@operators,\@operands,\@indexes,\@limits,\@sort_by, 0, $lang);
sub _input_cgi_parse ($) {
}
$template->param ( LIMIT_INPUTS => \@limit_inputs );
+$template->param ( OPACResultsSidebar => C4::Context->preference('OPACResultsSidebar'));
## II. DO THE SEARCH AND GET THE RESULTS
my $total = 0; # the total results for the whole set