projects / koha.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Bug 19073: (bug 15758 follow-up) Dereference correct value from Koha::Object.
[koha.git] / tools / picture-upload.pl
diff --git a/tools/picture-upload.pl b/tools/picture-upload.pl
index 0d753d8..804bd96 100755 (executable)
--- a/tools/picture-upload.pl
+++ b/tools/picture-upload.pl
@@ -31,6 +31,10 @@ use C4::Output;
 use C4::Members;
 use C4::Debug;
 
+use Koha::Patrons;
+use Koha::Patron::Images;
+use Koha::Token;
+
 my $input = new CGI;
 
 my ($template, $loggedinuser, $cookie)
@@ -42,9 +46,9 @@ my ($template, $loggedinuser, $cookie)
                                        debug => 0,
                                        });
 
-my $filetype       = $input->param('filetype');
+our $filetype      = $input->param('filetype') || '';
 my $cardnumber     = $input->param('cardnumber');
-my $uploadfilename = $input->param('uploadfile');
+our $uploadfilename = $input->param('uploadfile') || '';
 my $uploadfile     = $input->upload('uploadfile');
 my $borrowernumber = $input->param('borrowernumber');
 my $op             = $input->param('op') || '';
@@ -72,10 +76,19 @@ Files greater than 100K will be refused. Images should be 140x200 pixels. If the
 
 $debug and warn "Operation requested: $op";
 
-my ( $total, $handled, @counts, $tempfile, $tfh, %errors );
+my ( $total, $handled, $tempfile, $tfh );
+our @counts = ();
+our %errors = ();
 
 # Case is important in these operational values as the template must use case to be visually pleasing!
 if ( ( $op eq 'Upload' ) && $uploadfile ) {
+
+    die "Wrong CSRF token"
+        unless Koha::Token->new->check_csrf({
+            session_id => scalar $input->cookie('CGISESSID'),
+            token  => scalar $input->param('csrf_token'),
+        });
+
     my $dirname = File::Temp::tempdir( CLEANUP => 1 );
     $debug and warn "dirname = $dirname";
     my $filesuffix;
@@ -157,15 +170,29 @@ elsif ( ( $op eq 'Upload' ) && !$uploadfile ) {
     $template->param( filetype   => $filetype );
 }
 elsif ( $op eq 'Delete' ) {
-    my $dberror = RmPatronImage($borrowernumber);
-    $debug and warn "Patron image deleted for $borrowernumber";
-    warn "Database returned $dberror" if $dberror;
+    die "Wrong CSRF token"
+        unless Koha::Token->new->check_csrf({
+            session_id => scalar $input->cookie('CGISESSID'),
+            token  => scalar $input->param('csrf_token'),
+        });
+
+    my $deleted = eval {
+        Koha::Patron::Images->find( $borrowernumber )->delete;
+    };
+    if ( $@ or not $deleted ) {
+        warn "Image for patron '$borrowernumber' has not been deleted";
+    }
 }
 if ( $borrowernumber && !%errors && !$template->param('ERRORS') ) {
     print $input->redirect(
         "/cgi-bin/koha/members/moremember.pl?borrowernumber=$borrowernumber");
 }
 else {
+    $template->param(
+        csrf_token => Koha::Token->new->generate_csrf({
+            session_id => scalar $input->cookie('CGISESSID'),
+        }),
+    );
     output_html_with_http_headers $input, $cookie, $template->output;
 }
 
@@ -310,31 +337,47 @@ sub handle_file {
                 $debug and warn "Image is of mimetype $mimetype";
                 my $dberror;
                 if ($mimetype) {
-                    $dberror =
-                      PutPatronImage( $cardnumber, $mimetype, $imgfile );
-                }
-                if ( !$dberror && $mimetype ) {
-                    # Errors from here on are fatal only to the import of a particular image
-                    #so don't bail, just note the error and keep going
-                    $count{count}++;
-                    push @{ $count{filenames} },
-                      { source => $filename, cardnumber => $cardnumber };
-                }
-                elsif ($dberror) {
-                    warn "Database returned error: $dberror";
-                    ( $dberror =~ /patronimage_fk1/ )
-                      ? $filerrors{'IMGEXISTS'} = 1
-                      : $filerrors{'DBERR'} = 1;
-                    push my @filerrors, \%filerrors;
-                    push @{ $count{filenames} },
-                      {
-                        filerrors  => \@filerrors,
-                        source     => $filename,
-                        cardnumber => $cardnumber
-                      };
-                    $template->param( ERRORS => 1 );
+                    my $patron = Koha::Patrons->find({ cardnumber => $cardnumber });
+                    if ( $patron ) {
+                        my $image = $patron->image;
+                        $image ||= Koha::Patron::Image->new({ borrowernumber => $patron->borrowernumber });
+                        $image->set({
+                            mimetype => $mimetype,
+                            imagefile => $imgfile,
+                        });
+                        eval { $image->store };
+                        if ( $@ ) {
+                            # Errors from here on are fatal only to the import of a particular image
+                            #so don't bail, just note the error and keep going
+                            warn "Database returned error: $@";
+                            $filerrors{'DBERR'} = 1;
+                            push my @filerrors, \%filerrors;
+                            push @{ $count{filenames} },
+                              {
+                                filerrors  => \@filerrors,
+                                source     => $filename,
+                                cardnumber => $cardnumber
+                              };
+                            $template->param( ERRORS => 1 );
+                        } else {
+                            $count{count}++;
+                            push @{ $count{filenames} },
+                              { source => $filename, cardnumber => $cardnumber };
+                        }
+                    } else {
+                        warn "Patron with the cardnumber '$cardnumber' does not exist";
+                        $filerrors{'CARDNUMBER_DOES_NOT_EXIST'} = 1;
+                        push my @filerrors, \%filerrors;
+                        push @{ $count{filenames} },
+                          {
+                            filerrors  => \@filerrors,
+                            source     => $filename,
+                            cardnumber => $cardnumber
+                          };
+                        $template->param( ERRORS => 1 );
+                    }
                 }
-                elsif ( !$mimetype ) {
+                else {
                     warn "Unable to determine mime type of $filename. Please verify mimetype.";
                     $filerrors{'MIMERR'} = 1;
                     push my @filerrors, \%filerrors;
Koha ILS @ FFZG - based on git://git.koha.org/pub/scm/koha.git