#
# This file is part of Koha.
#
-# Koha is free software; you can redistribute it and/or modify it under the
-# terms of the GNU General Public License as published by the Free Software
-# Foundation; either version 2 of the License, or (at your option) any later
-# version.
+# Koha is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
#
-# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
-# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
-# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# Koha is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
#
-# You should have received a copy of the GNU General Public License along with
-# Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
-# Suite 330, Boston, MA 02111-1307 USA
+# You should have received a copy of the GNU General Public License
+# along with Koha; if not, see <http://www.gnu.org/licenses>.
#
#
#
use File::Temp;
use File::Copy;
-use CGI;
+use CGI qw ( -utf8 );
use GD;
use C4::Context;
use C4::Auth;
use C4::Members;
use C4::Debug;
+use Koha::Patrons;
+use Koha::Patron::Images;
+use Koha::Token;
+
my $input = new CGI;
my ($template, $loggedinuser, $cookie)
debug => 0,
});
-my $filetype = $input->param('filetype');
+our $filetype = $input->param('filetype') || '';
my $cardnumber = $input->param('cardnumber');
-my $uploadfilename = $input->param('uploadfile');
+our $uploadfilename = $input->param('uploadfile') || '';
my $uploadfile = $input->upload('uploadfile');
my $borrowernumber = $input->param('borrowernumber');
my $op = $input->param('op') || '';
$debug and warn "Operation requested: $op";
-my ( $total, $handled, @counts, $tempfile, $tfh, %errors );
+my ( $total, $handled, $tempfile, $tfh );
+our @counts = ();
+our %errors = ();
+# Case is important in these operational values as the template must use case to be visually pleasing!
if ( ( $op eq 'Upload' ) && $uploadfile ) {
- # Case is important in these operational values as the template must use case to be visually pleasing!
+
+ output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
+ unless Koha::Token->new->check_csrf({
+ session_id => scalar $input->cookie('CGISESSID'),
+ token => scalar $input->param('csrf_token'),
+ });
+
my $dirname = File::Temp::tempdir( CLEANUP => 1 );
$debug and warn "dirname = $dirname";
my $filesuffix;
}
close $tfh;
if ( $filetype eq 'zip' ) {
- unless ( system( "unzip", $tempfile, '-d', $dirname ) == 0 ) {
+ qx/unzip $tempfile -d $dirname/;
+ my $exit_code = $?;
+ unless ( $exit_code == 0 ) {
$errors{'UZIPFAIL'} = $uploadfilename;
$template->param( ERRORS => [ \%errors ] );
# This error is fatal to the import, so bail out here
#if ($filetype eq 'zip' )
$results = handle_dir( $dirname, $filesuffix, $template, $cardnumber,
$tempfile );
- $handled = 1;
+ $handled++ if $results == 1;
$total = 1;
}
- if ( %$results || %errors ) {
+ if ( $results!=1 || %errors ) {
$template->param( ERRORS => [$results] );
}
else {
$template->param( filetype => $filetype );
}
elsif ( $op eq 'Delete' ) {
- my $dberror = RmPatronImage($cardnumber);
- $debug and warn "Patron image deleted for $cardnumber";
- warn "Database returned $dberror" if $dberror;
+ output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
+ unless Koha::Token->new->check_csrf({
+ session_id => scalar $input->cookie('CGISESSID'),
+ token => scalar $input->param('csrf_token'),
+ });
+
+ my $deleted = eval {
+ Koha::Patron::Images->find( $borrowernumber )->delete;
+ };
+ if ( $@ or not $deleted ) {
+ warn "Image for patron '$borrowernumber' has not been deleted";
+ }
}
if ( $borrowernumber && !%errors && !$template->param('ERRORS') ) {
print $input->redirect(
"/cgi-bin/koha/members/moremember.pl?borrowernumber=$borrowernumber");
}
else {
+ $template->param(
+ csrf_token => Koha::Token->new->generate_csrf({
+ session_id => scalar $input->cookie('CGISESSID'),
+ }),
+ );
output_html_with_http_headers $input, $cookie, $template->output;
}
$debug and warn "Image is of mimetype $mimetype";
my $dberror;
if ($mimetype) {
- $dberror =
- PutPatronImage( $cardnumber, $mimetype, $imgfile );
- }
- if ( !$dberror && $mimetype ) {
- # Errors from here on are fatal only to the import of a particular image
- #so don't bail, just note the error and keep going
- $count{count}++;
- push @{ $count{filenames} },
- { source => $filename, cardnumber => $cardnumber };
- }
- elsif ($dberror) {
- warn "Database returned error: $dberror";
- ( $dberror =~ /patronimage_fk1/ )
- ? $filerrors{'IMGEXISTS'} = 1
- : $filerrors{'DBERR'} = 1;
- push my @filerrors, \%filerrors;
- push @{ $count{filenames} },
- {
- filerrors => \@filerrors,
- source => $filename,
- cardnumber => $cardnumber
- };
- $template->param( ERRORS => 1 );
+ my $patron = Koha::Patrons->find({ cardnumber => $cardnumber });
+ if ( $patron ) {
+ my $image = $patron->image;
+ $image ||= Koha::Patron::Image->new({ borrowernumber => $patron->borrowernumber });
+ $image->set({
+ mimetype => $mimetype,
+ imagefile => $imgfile,
+ });
+ eval { $image->store };
+ if ( $@ ) {
+ # Errors from here on are fatal only to the import of a particular image
+ #so don't bail, just note the error and keep going
+ warn "Database returned error: $@";
+ $filerrors{'DBERR'} = 1;
+ push my @filerrors, \%filerrors;
+ push @{ $count{filenames} },
+ {
+ filerrors => \@filerrors,
+ source => $filename,
+ cardnumber => $cardnumber
+ };
+ $template->param( ERRORS => 1 );
+ } else {
+ $count{count}++;
+ push @{ $count{filenames} },
+ { source => $filename, cardnumber => $cardnumber };
+ }
+ } else {
+ warn "Patron with the cardnumber '$cardnumber' does not exist";
+ $filerrors{'CARDNUMBER_DOES_NOT_EXIST'} = 1;
+ push my @filerrors, \%filerrors;
+ push @{ $count{filenames} },
+ {
+ filerrors => \@filerrors,
+ source => $filename,
+ cardnumber => $cardnumber
+ };
+ $template->param( ERRORS => 1 );
+ }
}
- elsif ( !$mimetype ) {
+ else {
warn "Unable to determine mime type of $filename. Please verify mimetype.";
$filerrors{'MIMERR'} = 1;
push my @filerrors, \%filerrors;
projects / koha.git / blobdiff