# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
-use warnings;
-use strict;
+use Modern::Perl;
use Data::Dumper;
use POSIX;
use CGI qw ( -utf8 );
use CGI::Cookie; # need to check cookies before having CGI parse the POST request
-
+use URI::Escape;
use C4::Auth qw(:DEFAULT check_cookie_auth);
use C4::Context;
use Koha::DateUtils;
sub ajax_auth_cgi ($) { # returns CGI object
my $needed_flags = shift;
- my %cookies = fetch CGI::Cookie;
+ my %cookies = CGI::Cookie->fetch;
my $input = CGI->new;
my $sessid = $cookies{'CGISESSID'}->value;
my ($auth_status, $auth_sessid) = check_cookie_auth($sessid, $needed_flags);
my ($tag, $js_reply);
if ($tag = $input->param('test')) {
my $check = is_approved($tag);
- $js_reply = ( $check >= 1 ? 'success' :
- $check <= -1 ? 'failure' : 'indeterminate' ) . "_test('$tag');\n";
+ $js_reply = ( $check >= 1 ? 'success' : $check <= -1 ? 'failure' : 'indeterminate' ) . "_test('".uri_escape_utf8($tag)."');\n";
}
if ($tag = $input->param('ok')) {
- $js_reply = ( whitelist($operator,$tag) ? 'success' : 'failure') . "_approve('$tag');\n";
+ $js_reply = ( whitelist($operator,$tag) ? 'success' : 'failure') . "_approve('".uri_escape_utf8($tag)."');\n";
}
if ($tag = $input->param('rej')) {
- $js_reply = ( blacklist($operator,$tag) ? 'success' : 'failure') . "_reject('$tag');\n";
+ $js_reply = ( blacklist($operator,$tag) ? 'success' : 'failure') . "_reject('".uri_escape_utf8($tag)."');\n";
}
output_with_http_headers $input, undef, $js_reply, 'js';
exit;
}
$op ||= 'none';
-@tags = $input->param('tags');
+@tags = $input->multi_param('tags');
$borrowernumber == 0 and push @errors, {op_zero=>1};
if ($op eq 'approve') {