# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
-# You should have received a copy of the GNU General Public License along with
-# Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
-# Suite 330, Boston, MA 02111-1307 USA
+# You should have received a copy of the GNU General Public License along
+# with Koha; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
use strict;
use warnings;
+use List::MoreUtils qw(any);
+
use C4::ILSDI::Services;
use C4::Auth;
use C4::Output;
This script is a basic implementation of ILS-DI protocol for Koha.
It acts like a dispatcher, that get the CGI request, check required and
-optionals arguments, call a function from C4::ILS-DI::Services, and finaly
+optionals arguments, call a function from C4::ILS-DI, and finaly
outputs the returned hashref as XML.
=cut
'CancelHold' => [],
);
-# If ILS-DI module is disabled in System->Preferences, redirect to 404
-if ( not C4::Context->preference('ILS-DI') ) {
- print $cgi->redirect("/cgi-bin/koha/errors/404.pl");
-}
-
# If no service is requested, display the online documentation
-if ( not $cgi->param('service') ) {
+unless ( $cgi->param('service') ) {
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
{ template_name => "ilsdi.tmpl",
query => $cgi,
}
# If user requested a service description, then display it
-if ( $cgi->param('service') eq "Describe" and grep { $cgi->param('verb') eq $_ } @services ) {
+if ( $cgi->param('service') eq "Describe" and any { $cgi->param('verb') eq $_ } @services ) {
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
{ template_name => "ilsdi.tmpl",
query => $cgi,
exit 0;
}
-my $service = $cgi->param('service') || "ilsdi";
+# any output after this point will be UTF-8 XML
+binmode STDOUT, ':encoding(UTF-8)';
+print CGI::header('-type'=>'text/xml', '-charset'=>'utf-8');
my $out;
+# If ILS-DI module is disabled in System->Preferences, redirect to 404
+unless ( C4::Context->preference('ILS-DI') ) {
+ $out->{'code'} = "NotAllowed";
+ $out->{'message'} = "ILS-DI is disabled.";
+}
+
+# If the remote address is not allowed, redirect to 403
+my @AuthorizedIPs = split(/,/, C4::Context->preference('ILS-DI:AuthorizedIPs'));
+if ( @AuthorizedIPs # If no filter set, allow access to everybody
+ and not any { $ENV{'REMOTE_ADDR'} eq $_ } @AuthorizedIPs # IP Check
+ ) {
+ $out->{'code'} = "NotAllowed";
+ $out->{'message'} = "Unauthorized IP address: ".$ENV{'REMOTE_ADDR'}.".";
+}
+
+my $service = $cgi->param('service') || "ilsdi";
+
# Check if the requested service is in the list
-if ( $service and grep { $service eq $_ } @services ) {
+if ( $service and any { $service eq $_ } @services ) {
my @parmsrequired = @{ $required{$service} };
my @parmsoptional = @{ $optional{$service} };
my @parmsall = ( @parmsrequired, @parmsoptional );
my @names = $cgi->param;
- my %paramhash = ();
- foreach my $name (@names) {
- $paramhash{$name} = 1;
- }
+ my %paramhash;
+ $paramhash{$_} = 1 for @names;
# check for missing parameters
- foreach my $name (@parmsrequired) {
- if ( ( !exists $paramhash{$name} ) ) {
- $out->{'message'} = "missing $name parameter";
+ for ( @parmsrequired ) {
+ unless ( exists $paramhash{$_} ) {
+ $out->{'code'} = "MissingParameter";
+ $out->{'message'} = "The required parameter ".$_." is missing.";
}
}
# check for illegal parameters
- foreach my $name (@names) {
+ for my $name ( @names ) {
my $found = 0;
- foreach my $name2 (@parmsall) {
+ for my $name2 (@parmsall) {
if ( $name eq $name2 ) {
$found = 1;
}
}
- if ( ( $found == 0 ) && ( $name ne 'service' ) ) {
- $out->{'message'} = "$name is an illegal parameter";
+ if ( $found == 0 && $name ne 'service' ) {
+ $out->{'code'} = "IllegalParameter";
+ $out->{'message'} = "The parameter ".$name." is illegal.";
}
}
# check for multiple parameters
- foreach my $name (@names) {
- my @values = $cgi->param($name);
+ for ( @names ) {
+ my @values = $cgi->param($_);
if ( $#values != 0 ) {
- $out->{'message'} = "multiple values are not allowed for the $name parameter";
+ $out->{'code'} = "MultipleValuesNotAllowed";
+ $out->{'message'} = "Multiple values not allowed for the parameter ".$_.".";
}
}
# GetAvailability is a special case, as it cannot use XML::Simple
if ( $service eq "GetAvailability" ) {
- print CGI::header('text/xml');
print C4::ILSDI::Services::GetAvailability($cgi);
exit 0;
} else {
}
# Output XML by passing the hashref to XMLOut
-print CGI::header('text/xml');
print XMLout(
$out,
noattr => 1,
- noescape => 1,
nosort => 1,
- xmldecl => '<?xml version="1.0" encoding="ISO-8859-1" ?>',
+ xmldecl => '<?xml version="1.0" encoding="UTF-8" ?>',
RootName => $service,
SuppressEmpty => 1
);
+exit 0;