fix: genre filter 500 error and clickable genre hierarchy

README.md

@@ -9,7 +9,7 @@
 
 Pinakes is a self-hosted, full-featured ILS for schools, municipalities, and private collections. It focuses on automation, extensibility, and a usable public catalog without requiring a web team.
 
-[![Version](https://img.shields.io/badge/version-0.4.9.8-0ea5e9?style=for-the-badge)](version.json)
+[![Version](https://img.shields.io/badge/version-0.4.9.9-0ea5e9?style=for-the-badge)](version.json)
 [![Installer Ready](https://img.shields.io/badge/one--click_install-ready-22c55e?style=for-the-badge&logo=azurepipelines&logoColor=white)](installer)
 [![License](https://img.shields.io/badge/License-GPL--3.0-orange?style=for-the-badge)](LICENSE)
 
@@ -24,7 +24,41 @@ Pinakes is a self-hosted, full-featured ILS for schools, municipalities, and pri
 
 ---
 
-## What's New in v0.4.9.8
+## What's New in v0.4.9.9
+
+### 📖 Inline PDF Viewer, Search Improvements & Bug Fixes
+
+**Digital Library Plugin v1.3.0 — Inline PDF Viewer (Issue #80):**
+- **Inline PDF reader** — Browser-native `<iframe>` PDF viewer on book detail pages (zero dependencies — uses Chrome's PDFium, Firefox's PDF.js, etc.)
+- **Lazy-loaded iframe** — PDF is fetched only when the viewer is opened (MutationObserver pattern), no performance impact on page load
+- **ePub fix** — ePub downloads now open in a new tab (`target="_blank"`) instead of navigating away from the page
+- **Accessible toggle buttons** — `aria-controls` and `aria-expanded` attributes on PDF viewer and audiobook player toggles
+- **Auto-hook registration** — New plugin hooks are auto-registered on page load if missing from the database
+
+**Search Improvements (Issue #83):**
+- **Description-inclusive search** — Header search, admin book search, and unified search all query `COALESCE(descrizione_plain, descrizione)` so description-only matches are returned
+- **HTML-free search column** — New `descrizione_plain` column stores a `strip_tags()` version of the description. New and edited rows search against plain text, so HTML tag names stop polluting results once the column has been populated (existing rows use COALESCE fallback until backfilled)
+
+**Database Migration (`migrate_0.4.9.9.sql`):**
+- Adds `descrizione_plain TEXT DEFAULT NULL` column to `libri` table
+- Fully idempotent with `INFORMATION_SCHEMA` check
+- PHP backfill via BookRepository on create/update; COALESCE fallback for existing rows
+
+**Bug Fixes:**
+- **Genre filter 500 error** — Fixed subgenre filtering that caused HTTP 500 in catalog (Issue #90)
+- **Clickable genre hierarchy** — Genre breadcrumbs are now clickable links for filtering
+- **CSV export cleanup** — `descrizione` now follows `sottotitolo`, HTML tags stripped for clean output
+
+**Translations:**
+- All PDF viewer strings translated in Italian, English, and German
+- Browser-agnostic hint text (no platform-specific keyboard shortcuts)
+
+---
+
+## Previous Releases
+
+<details>
+<summary><strong>v0.4.9.8</strong> - Security, Database Integrity & Code Quality</summary>
 
 ### 🔒 Security, Database Integrity & Code Quality
 
@@ -51,9 +85,7 @@ Pinakes is a self-hosted, full-featured ILS for schools, municipalities, and pri
 - **ON DELETE SET NULL rationale** — Documented why soft-deleted book rows are safe for genre deletion (FK auto-nullifies)
 - **Email notification test suite** — 16 Playwright E2E tests covering all email types via Mailpit (both SMTP and phpmail drivers)
 
----
-
-## Previous Releases
+</details>
 
 <details>
 <summary><strong>v0.4.9.7</strong> - Comprehensive Codebase Review — Security, Reliability & Code Quality</summary>
@@ -598,7 +630,7 @@ curl "http://yoursite.com/api/sru?operation=searchRetrieve&query=bath.isbn=97888
 - **Retry logic** with exponential backoff
 - **Error logging** and debugging tools
 
-### 4. Digital Library (`digital-library-v1.2.0.zip`)
+### 4. Digital Library (`digital-library-v1.3.0.zip`)
 - **eBook support** (PDF, ePub) with download tracking
 - **Audiobook streaming** (MP3, M4A, OGG) with HTML5 player
 - **Per-item digital asset management** (unlimited files per book)

app/Controllers/FrontendController.php

@@ -5,6 +5,7 @@
 
 use App\Repositories\RecensioniRepository;
 use App\Support\Branding;
+use App\Support\ConfigStore;
 use App\Support\HtmlHelper;
 use App\Support\RouteTranslator;
 use mysqli;
@@ -403,6 +404,7 @@ public function catalog(Request $request, Response $response, mysqli $db): Respo
             LEFT JOIN generi g ON l.genere_id = g.id
             LEFT JOIN generi gp ON g.parent_id = gp.id
             LEFT JOIN generi gpp ON gp.parent_id = gpp.id
+            LEFT JOIN generi sg ON l.sottogenere_id = sg.id
             WHERE l.deleted_at IS NULL
         ";
 
@@ -479,13 +481,14 @@ public function catalogAPI(Request $request, Response $response, mysqli $db): Re
         $param_types = $where_conditions['types'];
 
         // Query base senza JOIN con autori per evitare duplicati
-        // Include genre parents/grandparents to support filtering at any level
+        // Include genre parents/grandparents/subgenre to support filtering at any level
         $base_query = "
             FROM libri l
             LEFT JOIN editori e ON l.editore_id = e.id
             LEFT JOIN generi g ON l.genere_id = g.id
             LEFT JOIN generi gp ON g.parent_id = gp.id
             LEFT JOIN generi gpp ON gp.parent_id = gpp.id
+            LEFT JOIN generi sg ON l.sottogenere_id = sg.id
             WHERE l.deleted_at IS NULL
         ";
 
@@ -650,6 +653,11 @@ public function bookDetail(Request $request, Response $response, mysqli $db): Re
         $reviews = $recensioniRepo->getApprovedReviewsForBook($book_id);
         $reviewStats = $recensioniRepo->getReviewStats($book_id);
 
+        // Social sharing
+        $sharingProviders = array_filter(explode(',', (string) ConfigStore::get('sharing.enabled_providers', '')));
+        $shareUrl = absoluteUrl(book_url($book));
+        $shareTitle = $book['titolo'] ?? '';
+
         // Render template
         $container = $this->container;
         ob_start();
@@ -885,26 +893,30 @@ private function getFilterOptions(mysqli $db, array $filters = []): array
                    LEFT JOIN generi gf ON l.genere_id = gf.id
                    LEFT JOIN generi gfp ON gf.parent_id = gfp.id
                    LEFT JOIN generi gfpp ON gfp.parent_id = gfpp.id
+                   LEFT JOIN generi sg ON l.sottogenere_id = sg.id
                    WHERE (
                        l.genere_id = g.id
+                       OR l.sottogenere_id = g.id
                        OR l.genere_id IN (SELECT id FROM generi WHERE parent_id = g.id)
+                       OR l.sottogenere_id IN (SELECT id FROM generi WHERE parent_id = g.id)
                        OR l.genere_id IN (SELECT gc.id FROM generi gc JOIN generi gp ON gc.parent_id = gp.id WHERE gp.parent_id = g.id)
+                       OR l.sottogenere_id IN (SELECT gc.id FROM generi gc JOIN generi gp ON gc.parent_id = gp.id WHERE gp.parent_id = g.id)
                    )
                    {$whereClauseGen}
                ) AS cnt
         FROM (
-            -- Select all genres that have books or are parents of genres with books
+            -- Select all genres that have books via genere_id or sottogenere_id
             SELECT DISTINCT g.id FROM generi g
-            JOIN libri l ON g.id = l.genere_id AND l.deleted_at IS NULL
+            JOIN libri l ON (g.id = l.genere_id OR g.id = l.sottogenere_id) AND l.deleted_at IS NULL
             UNION
             SELECT DISTINCT gp.id FROM generi g
             JOIN generi gp ON g.parent_id = gp.id
-            JOIN libri l ON g.id = l.genere_id AND l.deleted_at IS NULL
+            JOIN libri l ON (g.id = l.genere_id OR g.id = l.sottogenere_id) AND l.deleted_at IS NULL
             UNION
             SELECT DISTINCT gpp.id FROM generi g
             JOIN generi gp ON g.parent_id = gp.id
             JOIN generi gpp ON gp.parent_id = gpp.id
-            JOIN libri l ON g.id = l.genere_id AND l.deleted_at IS NULL
+            JOIN libri l ON (g.id = l.genere_id OR g.id = l.sottogenere_id) AND l.deleted_at IS NULL
         ) as genre_ids
         JOIN generi g ON genre_ids.id = g.id
         ORDER BY g.parent_id, g.nome
@@ -944,6 +956,7 @@ private function getFilterOptions(mysqli $db, array $filters = []): array
         LEFT JOIN generi g ON l.genere_id = g.id
         LEFT JOIN generi gp ON g.parent_id = gp.id
         LEFT JOIN generi gpp ON gp.parent_id = gpp.id
+        LEFT JOIN generi sg ON l.sottogenere_id = sg.id
     ";
     if (!empty($conditionsEd)) {
         // Keep all conditions including genre filter
@@ -975,6 +988,7 @@ private function getFilterOptions(mysqli $db, array $filters = []): array
         LEFT JOIN generi g ON l.genere_id = g.id
         LEFT JOIN generi gp ON g.parent_id = gp.id
         LEFT JOIN generi gpp ON gp.parent_id = gpp.id
+        LEFT JOIN generi sg ON l.sottogenere_id = sg.id
         WHERE l.deleted_at IS NULL
     ";
     if (!empty($conditionsAvail)) {

app/Controllers/LibriController.php

@@ -2766,14 +2766,14 @@ public function exportCsv(Request $request, Response $response, mysqli $db): Res
                 'ean',
                 'titolo',
                 'sottotitolo',
+                'descrizione',
                 'autori',
                 'editore',
                 'anno_pubblicazione',
                 'lingua',
                 'edizione',
                 'numero_pagine',
                 'genere',
-                'descrizione',
                 'formato',
                 'prezzo',
                 'copie_totali',
@@ -2795,21 +2795,29 @@ public function exportCsv(Request $request, Response $response, mysqli $db): Res
                 $row = $this->formatLibraryThingRow($libro, $anno);
             } else {
                 // Standard format (default)
+                // Block-aware HTML→plain text for clean CSV output
+                $rawDesc = (string) ($libro['descrizione'] ?? '');
+                $rawDesc = preg_replace('/<(?:\/?(?:p|div|li|ul|ol|h[1-6]|blockquote|tr|th|td)\b[^>]*|br\b[^>]*\/?)>/i', "\n", $rawDesc);
+                $rawDesc = html_entity_decode(strip_tags((string) $rawDesc), ENT_QUOTES | ENT_HTML5, 'UTF-8');
+                $rawDesc = str_replace("\xC2\xA0", ' ', (string) $rawDesc);
+                $rawDesc = (string) preg_replace("/[ \t]+/", ' ', $rawDesc);
+                $rawDesc = (string) preg_replace("/\n{3,}/", "\n\n", $rawDesc);
+                $descrizione = trim($rawDesc);
                 $row = [
                     $libro['id'] ?? '',
                     $libro['isbn10'] ?? '',
                     $libro['isbn13'] ?? '',
                     $libro['ean'] ?? '',
                     $libro['titolo'] ?? '',
                     $libro['sottotitolo'] ?? '',
+                    $descrizione,
                     $libro['autori_nomi'] ?? '',
                     $libro['editore_nome'] ?? '',
                     $anno,
                     $libro['lingua'] ?? '',
                     $libro['edizione'] ?? '',
                     $libro['numero_pagine'] ?? '',
                     $libro['genere_nome'] ?? '',
-                    $libro['descrizione'] ?? '',
                     $libro['formato'] ?? '',
                     $libro['prezzo'] ?? '',
                     $libro['copie_totali'] ?? '1',

app/Controllers/SearchController.php

@@ -128,10 +128,10 @@ public function books(Request $request, Response $response, mysqli $db): Respons
                        l.copie_disponibili,
                        l.copie_totali
                 FROM libri l
-                WHERE l.deleted_at IS NULL AND (l.titolo LIKE ? OR l.sottotitolo LIKE ? OR l.isbn10 LIKE ? OR l.isbn13 LIKE ? OR l.ean LIKE ?)
+                WHERE l.deleted_at IS NULL AND (l.titolo LIKE ? OR l.sottotitolo LIKE ? OR l.isbn10 LIKE ? OR l.isbn13 LIKE ? OR l.ean LIKE ? OR COALESCE(l.descrizione_plain, l.descrizione) LIKE ?)
                 ORDER BY l.titolo
             ");
-            $stmt->bind_param('sssss', $s, $s, $s, $s, $s);
+            $stmt->bind_param('ssssss', $s, $s, $s, $s, $s, $s);
             $stmt->execute();
             $res = $stmt->get_result();
             while ($r = $res->fetch_assoc()) {
@@ -227,18 +227,18 @@ private function searchBooks(mysqli $db, string $query): array
         $results = [];
         $s = '%'.$query.'%';
 
-        // Search by ISBN, EAN, title, subtitle - include author via subquery
+        // Search by ISBN, EAN, title, subtitle, description - include author via subquery
         $stmt = $db->prepare("
             SELECT l.id, l.titolo AS label, l.isbn10, l.isbn13, l.ean,
                    (SELECT GROUP_CONCAT(a.nome ORDER BY la.ruolo='principale' DESC, a.nome SEPARATOR ', ')
                     FROM libri_autori la
                     JOIN autori a ON la.autore_id = a.id
                     WHERE la.libro_id = l.id) AS autori
             FROM libri l
-            WHERE l.deleted_at IS NULL AND (l.isbn10 LIKE ? OR l.isbn13 LIKE ? OR l.ean LIKE ? OR l.titolo LIKE ? OR l.sottotitolo LIKE ?)
+            WHERE l.deleted_at IS NULL AND (l.isbn10 LIKE ? OR l.isbn13 LIKE ? OR l.ean LIKE ? OR l.titolo LIKE ? OR l.sottotitolo LIKE ? OR COALESCE(l.descrizione_plain, l.descrizione) LIKE ?)
             ORDER BY l.titolo LIMIT 10
         ");
-        $stmt->bind_param('sssss', $s, $s, $s, $s, $s);
+        $stmt->bind_param('ssssss', $s, $s, $s, $s, $s, $s);
         $stmt->execute();
         $res = $stmt->get_result();
 
@@ -348,10 +348,10 @@ private function searchBooksWithDetails(mysqli $db, string $query): array
             FROM libri l
             LEFT JOIN libri_autori la ON l.id = la.libro_id
             LEFT JOIN autori a ON la.autore_id = a.id
-            WHERE l.deleted_at IS NULL AND (l.titolo LIKE ? OR l.sottotitolo LIKE ? OR l.isbn10 LIKE ? OR l.isbn13 LIKE ? OR l.ean LIKE ? OR a.nome LIKE ?)
+            WHERE l.deleted_at IS NULL AND (l.titolo LIKE ? OR l.sottotitolo LIKE ? OR COALESCE(l.descrizione_plain, l.descrizione) LIKE ? OR l.isbn10 LIKE ? OR l.isbn13 LIKE ? OR l.ean LIKE ? OR a.nome LIKE ?)
             ORDER BY l.titolo LIMIT 8
         ");
-        $stmt->bind_param('ssssss', $s, $s, $s, $s, $s, $s);
+        $stmt->bind_param('sssssss', $s, $s, $s, $s, $s, $s, $s);
         $stmt->execute();
         $res = $stmt->get_result();
 

app/Controllers/SettingsController.php

@@ -892,6 +892,30 @@ private function getCookieBannerTextFieldMap(): array
         ];
     }
 
+    public function updateSharingSettings(Request $request, Response $response, mysqli $db): Response
+    {
+        $data = (array) $request->getParsedBody();
+        // CSRF validated by CsrfMiddleware
+
+        $repository = new SettingsRepository($db);
+        $repository->ensureTables();
+
+        $allowedSlugs = ['facebook', 'x', 'whatsapp', 'telegram', 'linkedin', 'reddit', 'pinterest', 'threads', 'bluesky', 'tumblr', 'pocket', 'vk', 'line', 'sms', 'email', 'copylink'];
+        $selected = $data['sharing_providers'] ?? [];
+        if (!is_array($selected)) {
+            $selected = [];
+        }
+        $selected = array_map(static fn($s) => strtolower(trim((string) $s)), $selected);
+        $valid = array_values(array_intersect($allowedSlugs, array_unique($selected)));
+        $value = implode(',', $valid);
+
+        $repository->set('sharing', 'enabled_providers', $value);
+        ConfigStore::set('sharing.enabled_providers', $value);
+
+        $_SESSION['success_message'] = __('Impostazioni di condivisione aggiornate.');
+        return $this->redirect($response, '/admin/settings?tab=sharing');
+    }
+
     private function redirect(Response $response, string $location): Response
     {
         return $response->withHeader('Location', $location)->withStatus(302);

app/Models/BookRepository.php

@@ -93,6 +93,20 @@ public function getById(int $id): ?array
         if (!$row)
             return null;
 
+        // Lazy backfill: populate descrizione_plain for pre-migration rows on first read
+        if ($this->hasColumn('descrizione_plain')
+            && $row['descrizione_plain'] === null
+            && !empty($row['descrizione'])
+        ) {
+            $plain = $this->toPlainTextDescription((string)$row['descrizione']);
+            $upd = $this->db->prepare("UPDATE libri SET descrizione_plain = ? WHERE id = ?");
+            if ($upd) {
+                $upd->bind_param('si', $plain, $id);
+                $upd->execute();
+            }
+            $row['descrizione_plain'] = $plain;
+        }
+
         // Resolve genre hierarchy for the 3-level cascade (Radice → Genere → Sottogenere)
         // Walk up the tree from genere_id to find the full ancestor chain, then map to cascade levels
         $this->resolveGenreHierarchy($row);
@@ -282,6 +296,10 @@ public function createBasic(array $data): int
         if ($this->hasColumn('descrizione')) {
             $addField('descrizione', 's', $data['descrizione'] ?? null);
         }
+        if ($this->hasColumn('descrizione_plain')) {
+            $raw = $data['descrizione'] ?? null;
+            $addField('descrizione_plain', 's', $this->toPlainTextDescription($raw));
+        }
         if ($this->hasColumn('parole_chiave')) {
             $addField('parole_chiave', 's', $data['parole_chiave'] ?? null);
         }
@@ -608,6 +626,10 @@ public function updateBasic(int $id, array $data): bool
         if ($this->hasColumn('descrizione')) {
             $addSet('descrizione', 's', $data['descrizione'] ?? null);
         }
+        if ($this->hasColumn('descrizione_plain')) {
+            $raw = $data['descrizione'] ?? null;
+            $addSet('descrizione_plain', 's', $this->toPlainTextDescription($raw));
+        }
         if ($this->hasColumn('parole_chiave')) {
             $addSet('parole_chiave', 's', $data['parole_chiave'] ?? null);
         }
@@ -1150,6 +1172,23 @@ private function resolveGenreHierarchy(array &$row): void
         }
     }
 
+    private function toPlainTextDescription(?string $html): ?string
+    {
+        if ($html === null || $html === '') {
+            return $html;
+        }
+        $text = preg_replace(
+            '/<(?:\/?(?:p|div|li|ul|ol|h[1-6]|blockquote|tr|th|td)\b[^>]*|br\b[^>]*\/?)>/i',
+            "\n",
+            $html
+        );
+        $text = html_entity_decode(strip_tags((string) $text), ENT_QUOTES | ENT_HTML5, 'UTF-8');
+        $text = str_replace("\xC2\xA0", ' ', (string) $text);
+        $text = preg_replace("/[ \t]+/", ' ', (string) $text);
+        $text = preg_replace("/\n{3,}/", "\n\n", (string) $text);
+        return trim((string) $text);
+    }
+
     private static array $columnCacheByDb = [];
     private function hasColumn(string $name): bool
     {

app/Routes/web.php

@@ -567,6 +567,12 @@
         return $controller->updateLabels($request, $response, $db);
     })->add(new CsrfMiddleware())->add(new AdminAuthMiddleware());
 
+    $app->post('/admin/settings/sharing', function ($request, $response) use ($app) {
+        $db = $app->getContainer()->get('db');
+        $controller = new SettingsController();
+        return $controller->updateSharingSettings($request, $response, $db);
+    })->add(new CsrfMiddleware())->add(new AdminAuthMiddleware());
+
     $app->post('/admin/settings/advanced', function ($request, $response) use ($app) {
         $db = $app->getContainer()->get('db');
         $controller = new SettingsController();

app/Support/ConfigStore.php

@@ -104,6 +104,9 @@ public static function all(): array
             'cms' => [
                 'events_page_enabled' => '1', // Default to enabled
             ],
+            'sharing' => [
+                'enabled_providers' => 'facebook,x,whatsapp,email',
+            ],
         ];
 
         $localizedDefaults = self::getLocaleDefaultTexts();
@@ -567,6 +570,13 @@ private static function loadDatabaseSettings(): array
                 }
             }
 
+            if (!empty($raw['sharing'])) {
+                self::$dbSettingsCache['sharing'] = [];
+                foreach ($raw['sharing'] as $key => $value) {
+                    self::$dbSettingsCache['sharing'][$key] = (string) $value;
+                }
+            }
+
             if (!empty($raw['system'])) {
                 self::$dbSettingsCache['system'] = [];
                 foreach ($raw['system'] as $key => $value) {