register rfid reader
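--- a/tools/picture-upload.pl
+++ b/tools/picture-upload.pl
@@ -25,8 +25,6 @@ use File::Temp;
 use File::Copy;
 use CGI qw ( -utf8 );
 use GD;
-use Digest::MD5 qw(md5_base64);
-use Encode qw( encode );
 use C4::Context;
 use C4::Auth;
 use C4::Output;
@@ -34,7 +32,6 @@ use C4::Members;
 use C4::Debug;
 use Koha::Patrons;
-use Koha::Patron::Image;
 use Koha::Patron::Images;
 use Koha::Token;
@@ -86,10 +83,9 @@ our %errors = ();
 # Case is important in these operational values as the template must use case to be visually pleasing!
 if ( ( $op eq 'Upload' ) && $uploadfile ) {
- die "Wrong CSRF token"
+ output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
 unless Koha::Token->new->check_csrf({
- id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
+ session_id => scalar $input->cookie('CGISESSID'),
 token => scalar $input->param('csrf_token'),
 });
@@ -119,7 +115,9 @@ if ( ( $op eq 'Upload' ) && $uploadfile ) {
 }
 close $tfh;
 if ( $filetype eq 'zip' ) {
- unless ( system( "unzip", $tempfile, '-d', $dirname ) == 0 ) {
+ qx/unzip $tempfile -d $dirname/;
+ my $exit_code = $?;
+ unless ( $exit_code == 0 ) {
 $errors{'UZIPFAIL'} = $uploadfilename;
 $template->param( ERRORS => [ \%errors ] );
 # This error is fatal to the import, so bail out here
@@ -174,10 +172,9 @@ elsif ( ( $op eq 'Upload' ) && !$uploadfile ) {
 $template->param( filetype => $filetype );
 }
 elsif ( $op eq 'Delete' ) {
- die "Wrong CSRF token"
+ output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
 unless Koha::Token->new->check_csrf({
- id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
+ session_id => scalar $input->cookie('CGISESSID'),
 token => scalar $input->param('csrf_token'),
 });
@@ -195,8 +192,7 @@ if ( $borrowernumber && !%errors && !$template->param('ERRORS') ) {
 else {
 $template->param(
 csrf_token => Koha::Token->new->generate_csrf({
- id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
+ session_id => scalar $input->cookie('CGISESSID'),
 }),
 );
 output_html_with_http_headers $input, $cookie, $template->output;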
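Review bot: In the zip branch, the new `qx/unzip $tempfile -d $dirname/;` interpolates both variables into a string that is handed to the shell, whereas the removed list-form `system( "unzip", $tempfile, '-d', $dirname )` passed them as separate arguments with no shell involved. How `$tempfile` and `$dirname` are built is not visible in this hunk; if any part of either name derives from the uploaded file's name (a suffix, for example), shell metacharacters in it would be interpreted rather than treated as part of a path. Keep the list form and its direct exit-status test, `unless ( system( 'unzip', $tempfile, '-d', $dirname ) == 0 ) {`, and if the goal was to capture or silence unzip's output, use a list-form piped `open` instead of a shell string. The enclosing `if ( $filetype eq 'zip' )` block continues past the end of the hunk.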