X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=opac%2Filsdi.pl;h=d68f09af8466cd022b537b58b129b98376db1194;hb=e191bb02bfda7f17ae8b4f681314c51d2e7e6b92;hp=18f424d30f593af9e4179c6b5f8246a640ef1dff;hpb=2f99d99991f7d45d16b16ab66bb447d45833eb55;p=koha.git diff --git a/opac/ilsdi.pl b/opac/ilsdi.pl index 18f424d30f..d68f09af84 100755 --- a/opac/ilsdi.pl +++ b/opac/ilsdi.pl @@ -13,13 +13,15 @@ # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR # A PARTICULAR PURPOSE. See the GNU General Public License for more details. # -# You should have received a copy of the GNU General Public License along with -# Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place, -# Suite 330, Boston, MA 02111-1307 USA +# You should have received a copy of the GNU General Public License along +# with Koha; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. use strict; use warnings; +use List::MoreUtils qw(any); + use C4::ILSDI::Services; use C4::Auth; use C4::Output; @@ -31,7 +33,7 @@ use CGI; This script is a basic implementation of ILS-DI protocol for Koha. It acts like a dispatcher, that get the CGI request, check required and -optionals arguments, call a function from C4::ILS-DI::Services, and finaly +optionals arguments, call a function from C4::ILS-DI, and finaly outputs the returned hashref as XML. =cut @@ -112,13 +114,8 @@ my %optional = ( 'CancelHold' => [], ); -# If ILS-DI module is disabled in System->Preferences, redirect to 404 -if ( not C4::Context->preference('ILS-DI') ) { - print $cgi->redirect("/cgi-bin/koha/errors/404.pl"); -} - # If no service is requested, display the online documentation -if ( not $cgi->param('service') ) { +unless ( $cgi->param('service') ) { my ( $template, $loggedinuser, $cookie ) = get_template_and_user( { template_name => "ilsdi.tmpl", query => $cgi, 
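Review bot: In the `@@ -112,13 +114,8 @@` hunk, removing the `C4::Context->preference('ILS-DI')` test from in front of the documentation branch means the disabled-module check now runs only after the documentation and `Describe` branches. Those pages therefore appear to stay reachable when ILS-DI is switched off, and they also sit ahead of the `ILS-DI:AuthorizedIPs` filter added further down. The removed block never exited after printing its redirect, so it was not an effective gate either; if a disabled or IP-restricted interface should expose nothing, the check belongs above this `unless` and has to end the request. If serving the documentation regardless is intended, a comment such as `# Documentation is served even when ILS-DI is disabled or the client IP is not authorized` would record that decision. The body of the `unless` block continues outside the hunk.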
@@ -132,7 +129,7 @@ if ( not $cgi->param('service') ) { } # If user requested a service description, then display it -if ( $cgi->param('service') eq "Describe" and grep { $cgi->param('verb') eq $_ } @services ) { +if ( $cgi->param('service') eq "Describe" and any { $cgi->param('verb') eq $_ } @services ) { my ( $template, $loggedinuser, $cookie ) = get_template_and_user( { template_name => "ilsdi.tmpl", query => $cgi, 
@@ -146,47 +143,67 @@ if ( $cgi->param('service') eq "Describe" and grep { $cgi->param('verb') eq $_ } exit 0; } -my $service = $cgi->param('service') || "ilsdi"; +# any output after this point will be UTF-8 XML +binmode STDOUT, ':encoding(UTF-8)'; +print CGI::header('-type'=>'text/xml', '-charset'=>'utf-8'); my $out; +# If ILS-DI module is disabled in System->Preferences, redirect to 404 +unless ( C4::Context->preference('ILS-DI') ) { + $out->{'code'} = "NotAllowed"; + $out->{'message'} = "ILS-DI is disabled."; +} + +# If the remote address is not allowed, redirect to 403 +my @AuthorizedIPs = split(/,/, C4::Context->preference('ILS-DI:AuthorizedIPs')); +if ( @AuthorizedIPs # If no filter set, allow access to everybody + and not any { $ENV{'REMOTE_ADDR'} eq $_ } @AuthorizedIPs # IP Check + ) { + $out->{'code'} = "NotAllowed"; + $out->{'message'} = "Unauthorized IP address: ".$ENV{'REMOTE_ADDR'}."."; +} + +my $service = $cgi->param('service') || "ilsdi"; + # Check if the requested service is in the list -if ( $service and grep { $service eq $_ } @services ) { +if ( $service and any { $service eq $_ } @services ) { my @parmsrequired = @{ $required{$service} }; my @parmsoptional = @{ $optional{$service} }; my @parmsall = ( @parmsrequired, @parmsoptional ); my @names = $cgi->param; - my %paramhash = (); - foreach my $name (@names) { - $paramhash{$name} = 1; - } + my %paramhash; + $paramhash{$_} = 1 for @names; # check for missing parameters - foreach my $name (@parmsrequired) { - if ( ( !exists $paramhash{$name} ) ) { - $out->{'message'} = "missing $name parameter"; + for ( @parmsrequired ) { + unless ( exists $paramhash{$_} ) { + $out->{'code'} = "MissingParameter"; + $out->{'message'} = "The required parameter ".$_." 
is missing."; } } # check for illegal parameters - foreach my $name (@names) { + for my $name ( @names ) { my $found = 0; - foreach my $name2 (@parmsall) { + for my $name2 (@parmsall) { if ( $name eq $name2 ) { $found = 1; } } - if ( ( $found == 0 ) && ( $name ne 'service' ) ) { - $out->{'message'} = "$name is an illegal parameter"; + if ( $found == 0 && $name ne 'service' ) { + $out->{'code'} = "IllegalParameter"; + $out->{'message'} = "The parameter ".$name." is illegal."; } } # check for multiple parameters - foreach my $name (@names) { - my @values = $cgi->param($name); + for ( @names ) { + my @values = $cgi->param($_); if ( $#values != 0 ) { - $out->{'message'} = "multiple values are not allowed for the $name parameter"; + $out->{'code'} = "MultipleValuesNotAllowed"; + $out->{'message'} = "Multiple values not allowed for the parameter ".$_."."; } } @@ -194,7 +211,6 @@ if ( $service and grep { $service eq $_ } @services ) { # GetAvailability is a special case, as it cannot use XML::Simple if ( $service eq "GetAvailability" ) { - print CGI::header('text/xml'); print C4::ILSDI::Services::GetAvailability($cgi); exit 0; } else { @@ -215,14 +231,13 @@ if ( $service and grep { $service eq $_ } @services ) { } # Output XML by passing the hashref to XMLOut -print CGI::header('text/xml'); print XMLout( $out, noattr => 1, - noescape => 1, nosort => 1, - xmldecl => '', + xmldecl => '', RootName => $service, SuppressEmpty => 1 ); +exit 0;
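Review bot: The two `NotAllowed` branches added in the `@@ -146,47 +143,67 @@` hunk only fill `$out` and then fall through into the service lookup, where each validation loop can overwrite `code` and `message`, so the denial is not terminal in the lines shown. Whether the service call is skipped depends on a guard just below the hunk, which should be confirmed to cover the denial; otherwise the denial should print its XML and `exit 0;` on the spot. The allowlist is split on `,` without trimming and compared with `eq`, so a preference written as `10.0.0.1, 10.0.0.2` (constructed example) silently locks out the second address; `map { s/^\s+|\s+$//g; $_ } split /,/, ...` would avoid that. `$ENV{'REMOTE_ADDR'}` is presumably the proxy's address when the OPAC sits behind a reverse proxy, which is worth stating in the preference's description. Both comments still say "redirect to 404" and "redirect to 403" although the response is a `text/xml` body whose header was already printed; `# If ILS-DI is disabled, answer NotAllowed` would match the code.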
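Review bot: `GetAvailability` in the `@@ -194,7 +211,6 @@` hunk still prints its own document, so the escaping that the last hunk turns on by dropping `noescape => 1` does not cover this path. The existing comment only says it cannot use XML::Simple; I would extend it to `# GetAvailability builds its XML by hand and bypasses XMLout: it must escape request-derived values itself`, and confirm that `C4::ILSDI::Services::GetAvailability` (not shown here) does so. The enclosing `if` starts above the hunk and continues below it.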
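Review bot: `RootName => $service` in the `@@ -215,14 +231,13 @@` hunk takes its value from `$cgi->param('service')`, and an element name is not covered by the content escaping that removing `noescape => 1` restores. If the not-in-list branch above this hunk reaches the `XMLout` call with `$service` unchanged, the root element of the response is chosen by the caller; I would not rely on XML::Simple to validate it. Falling back to a fixed name for anything outside `@services`, e.g. `RootName => ( ( any { $service eq $_ } @services ) ? $service : 'ilsdi' ),`, keeps the root element to known values.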