X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=installer%2FInstallAuth.pm;h=0015a14e2d6e581d178fe8b6e60d8b70e0fee67e;hb=c6f091cc2348512e5a707cc9e0d8286b8e2ada0c;hp=3efc407179e3d6b3799232a1b2ea6e4769493964;hpb=240edb6c0da80d3d932442ccd96f9f98e31260c3;p=koha.git diff --git a/installer/InstallAuth.pm b/installer/InstallAuth.pm index 3efc407179..0015a14e2d 100644 --- a/installer/InstallAuth.pm +++ b/installer/InstallAuth.pm @@ -103,7 +103,7 @@ InstallAuth - Authenticates Koha users for Install process authenticated page. More information on the C sub can be found in the - Output.pm module. + Templates.pm module. =cut @@ -117,7 +117,7 @@ sub get_template_and_user { $tmplbase=~ s/\.tmpl$/.tt/; my $filename = "$path/modules/" . $tmplbase; my $interface = 'intranet'; - my $template = C4::Templates->new( $interface, $filename, $tmplbase); + my $template = C4::Templates->new( $interface, $filename, $tmplbase, $query); my ( $user, $cookie, $sessionID, $flags ) = checkauth( $in->{'query'}, @@ -158,18 +158,14 @@ sub get_template_and_user { } sub _get_template_language { - #verify if opac language exists in staff (bug 5660) - #conditions are 1) dir exists and 2) enabled in prefs - my ($opaclang)= @_; - return 'en' unless $opaclang; - my $path= C4::Context->config('intrahtdocs')."/prog/$opaclang"; - my $pref= ','.C4::Context->preference('language').','; - if(-d $path) { - if($pref =~ /,$opaclang,/ ) { - return $opaclang; - } - } - return 'en'; + + #verify if opac language exists in staff (bug 5660) + #conditions are 1) dir exists and 2) enabled in prefs + my ($opaclang) = @_; + return 'en' unless $opaclang; + $opaclang =~ s/[^a-zA-Z_-]*//g; + my $path = C4::Context->config('intrahtdocs') . "/prog/$opaclang"; + -d $path ? $opaclang : 'en'; } =item checkauth @@ -266,7 +262,11 @@ sub checkauth { $session->param('emailaddress'), $session->param('branchprinter') ); - $cookie = $query->cookie( CGISESSID => $session->id ); + $cookie = $query->cookie( + -name => 'CGISESSID', + -value => $session->id, + -HttpOnly => 1, + ); $loggedin = 1; $userid = $session->param('cardnumber'); } @@ -278,11 +278,12 @@ sub checkauth { C4::Context->_unset_userenv($sessionID); $sessionID = undef; $userid = undef; - open L, ">>/tmp/sessionlog"; - my $time = localtime( time() ); - printf L "%20s from %16s logged out at %30s (manually).\n", $userid, - $ip, $time; - close L; + # Commented out due to its lack of usefulness + # open L, ">>/tmp/sessionlog"; + # my $time = localtime( time() ); + # printf L "%20s from %16s logged out at %30s (manually).\n", $userid, + # $ip, $time; + # close L; } } unless ($userid) { @@ -296,12 +297,16 @@ sub checkauth { my ( $return, $cardnumber ) = checkpw( $userid, $password ); if ($return) { $loggedin = 1; - open L, ">>/tmp/sessionlog"; - my $time = localtime( time() ); - printf L "%20s from %16s logged in at %30s.\n", $userid, - $ENV{'REMOTE_ADDR'}, $time; - close L; - $cookie = $query->cookie( CGISESSID => $sessionID ); + # open L, ">>/tmp/sessionlog"; + # my $time = localtime( time() ); + # printf L "%20s from %16s logged in at %30s.\n", $userid, + # $ENV{'REMOTE_ADDR'}, $time; + # close L; + $cookie = $query->cookie( + -name => 'CGISESSID', + -value => $sessionID, + -HttpOnly => 1, + ); if ( $return == 2 ) { #Only superlibrarian should have access to this page. @@ -345,6 +350,7 @@ sub checkauth { $cookie = $query->cookie( -name => 'CGISESSID', -value => '', + -HttpOnly => 1, -expires => '' ); } @@ -371,7 +377,7 @@ sub checkauth { my $filename = "$path/modules/$template_name"; $filename =~ s/\.tmpl$/.tt/; my $interface = 'intranet'; - my $template = C4::Templates->new( $interface, $filename); + my $template = C4::Templates->new( $interface, $filename, '', $query); $template->param( INPUTS => \@inputs, @@ -385,6 +391,7 @@ sub checkauth { $cookie = $query->cookie( -name => 'CGISESSID', -value => $sessionID, + -HttpOnly => 1, -expires => '' ); print $query->header(