X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=basket%2Fsendbasket.pl;h=224db2de6f9bed28e2dc57574ca062b1e92cbe6a;hb=a3e8e12364bf266e230b80bd4389cdc3a403b649;hp=66f73fa019e7bff752e0e19052c1d27ff4351c64;hpb=bd73c9f9ce8d161a1ed0f2e1205e5c0c8eecb0ae;p=koha.git

diff --git a/basket/sendbasket.pl b/basket/sendbasket.pl
index 66f73fa019..224db2de6f 100755
--- a/basket/sendbasket.pl
+++ b/basket/sendbasket.pl
@@ -2,69 +2,66 @@
 
 # This file is part of Koha.
 #
-# Koha is free software; you can redistribute it and/or modify it under the
-# terms of the GNU General Public License as published by the Free Software
-# Foundation; either version 2 of the License, or (at your option) any later
-# version.
+# Koha is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
 #
-# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
-# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
-# A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+# Koha is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
 #
-# You should have received a copy of the GNU General Public License along with
-# Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
-# Suite 330, Boston, MA  02111-1307 USA
+# You should have received a copy of the GNU General Public License
+# along with Koha; if not, see <http://www.gnu.org/licenses>.
 
-use strict;
-use warnings;
+use Modern::Perl;
 
-use CGI;
+use CGI qw ( -utf8 );
 use Encode qw(encode);
 use Carp;
-
 use Mail::Sendmail;
 use MIME::QuotedPrint;
 use MIME::Base64;
+
 use C4::Biblio;
 use C4::Items;
 use C4::Auth;
 use C4::Output;
-use C4::Biblio;
+use C4::Templates ();
+use Koha::Email;
+use Koha::Token;
 
 my $query = new CGI;
 
 my ( $template, $borrowernumber, $cookie ) = get_template_and_user (
     {
-        template_name   => "basket/sendbasketform.tmpl",
+        template_name   => "basket/sendbasketform.tt",
         query           => $query,
         type            => "intranet",
         authnotrequired => 0,
-        flagsrequired   => { borrow => 1 },
+        flagsrequired   => { catalogue => 1 },
     }
 );
 
-my $bib_list     = $query->param('bib_list');
+my $bib_list     = $query->param('bib_list') || '';
 my $email_add    = $query->param('email_add');
-my $email_sender = $query->param('email_sender');
 
 my $dbh          = C4::Context->dbh;
 
 if ( $email_add ) {
-    my $email_from = C4::Context->preference('KohaAdminEmailAddress');
+    die "Wrong CSRF token" unless Koha::Token->new->check_csrf({
+        session_id => scalar $query->cookie('CGISESSID'),
+        token  => scalar $query->param('csrf_token'),
+    });
+    my $email = Koha::Email->new();
+    my %mail = $email->create_message_headers({ to => $email_add });
     my $comment    = $query->param('comment');
-    my %mail = (
-        To   => $email_add,
-        From => $email_from
-    );
 
-    my ( $template2, $borrowernumber, $cookie ) = get_template_and_user(
-        {
-            template_name   => "basket/sendbasket.tmpl",
-            query           => $query,
-            type            => "intranet",
-            authnotrequired => 0,
-            flagsrequired   => { borrow => 1 },
-        }
+    # Since we are already logged in, no need to check credentials again
+    # when loading a second template.
+    my $template2 = C4::Templates::gettemplate(
+        'basket/sendbasket.tt', 'intranet', $query,
     );
 
     my @bibs = split( /\//, $bib_list );
@@ -75,8 +72,10 @@ if ( $email_add ) {
         $template2->param( biblionumber => $biblionumber );
 
         my $dat              = GetBiblioData($biblionumber);
-        my $record           = GetMarcBiblio($biblionumber);
-        my $marcnotesarray   = GetMarcNotes( $record, $marcflavour );
+        next unless $dat;
+        my $record           = GetMarcBiblio({
+            biblionumber => $biblionumber,
+            embed_items => 1 });
         my $marcauthorsarray = GetMarcAuthors( $record, $marcflavour );
         my $marcsubjctsarray = GetMarcSubjects( $record, $marcflavour );
 
@@ -88,7 +87,6 @@ if ( $email_add ) {
         }
 	
 
-        $dat->{MARCNOTES}      = $marcnotesarray;
         $dat->{MARCSUBJCTS}    = $marcsubjctsarray;
         $dat->{MARCAUTHORS}    = $marcauthorsarray;
         $dat->{HASAUTHORS}     = $hasauthors;
@@ -103,7 +101,6 @@ if ( $email_add ) {
     my $resultsarray = \@results;
     $template2->param(
         BIBLIO_RESULTS => $resultsarray,
-        email_sender   => $email_sender,
         comment        => $comment
     );
 
@@ -112,33 +109,35 @@ if ( $email_add ) {
     my $body;
 
     # Analysing information and getting mail properties
-    if ( $template_res =~ /<SUBJECT>\n(.*)\n<END_SUBJECT>/s ) {
-        $mail{'subject'} = $1;
+    if ( $template_res =~ /<SUBJECT>(.*)<END_SUBJECT>/s ) {
+        $mail{subject} = $1;
+        $mail{subject} =~ s|\n?(.*)\n?|$1|;
+        $mail{subject} = Encode::encode("UTF-8", $mail{subject});
     }
     else { $mail{'subject'} = "no subject"; }
 
     my $email_header = "";
-    if ( $template_res =~ /<HEADER>\n(.*)\n<END_HEADER>/s ) {
+    if ( $template_res =~ /<HEADER>(.*)<END_HEADER>/s ) {
         $email_header = $1;
+        $email_header =~ s|\n?(.*)\n?|$1|;
+        $email_header = encode_qp(Encode::encode("UTF-8", $email_header));
     }
 
     my $email_file = "basket.txt";
-    if ( $template_res =~ /<FILENAME>\n(.*)\n<END_FILENAME>/s ) {
+    if ( $template_res =~ /<FILENAME>(.*)<END_FILENAME>/s ) {
         $email_file = $1;
+        $email_file =~ s|\n?(.*)\n?|$1|;
     }
 
-    if ( $template_res =~ /<MESSAGE>\n(.*)\n<END_MESSAGE>/s ) { $body = encode_qp($1); }
+    if ( $template_res =~ /<MESSAGE>(.*)<END_MESSAGE>/s ) {
+        $body = $1;
+        $body =~ s|\n?(.*)\n?|$1|;
+        $body = encode_qp(Encode::encode("UTF-8", $body));
+    }
 
     my $boundary = "====" . time() . "====";
 
-    #     $mail{'content-type'} = "multipart/mixed; boundary=\"$boundary\"";
-    #
-    #     $email_header = encode_qp($email_header);
-    #
-    #     $boundary = "--".$boundary;
-    #
-    #     # Writing mail
-    #     $mail{body} =
+    # Writing mail
     $mail{'content-type'} = "multipart/mixed; boundary=\"$boundary\"";
     my $isofile = encode_base64(encode("UTF-8", $iso2709));
     $boundary = '--' . $boundary;
@@ -172,11 +171,12 @@ END_OF_BODY
     output_html_with_http_headers $query, $cookie, $template->output;
 }
 else {
-    $template->param( bib_list => $bib_list );
     $template->param(
+        bib_list       => $bib_list,
         url            => "/cgi-bin/koha/basket/sendbasket.pl",
         suggestion     => C4::Context->preference("suggestion"),
         virtualshelves => C4::Context->preference("virtualshelves"),
+        csrf_token     => Koha::Token->new->generate_csrf({ session_id => scalar $query->cookie('CGISESSID'), }),
     );
     output_html_with_http_headers $query, $cookie, $template->output;
 }