X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=tools%2Fpicture-upload.pl;h=54f18b53ad54180a7a9eb4711eddce3ba514ebcf;hb=68ee1ceb9d67974eb53832dbd2008d39c05fad71;hp=3ae4f6284f1efb769f713ed103090e75c44eb9db;hpb=ba0f84b46c5c565600575ef61d413067c768fa14;p=koha.git diff --git a/tools/picture-upload.pl b/tools/picture-upload.pl index 3ae4f6284f..54f18b53ad 100755 --- a/tools/picture-upload.pl +++ b/tools/picture-upload.pl @@ -31,6 +31,10 @@ use C4::Output; use C4::Members; use C4::Debug; +use Koha::Patrons; +use Koha::Patron::Images; +use Koha::Token; + my $input = new CGI; my ($template, $loggedinuser, $cookie) @@ -42,9 +46,9 @@ my ($template, $loggedinuser, $cookie) debug => 0, }); -my $filetype = $input->param('filetype'); +our $filetype = $input->param('filetype') || ''; my $cardnumber = $input->param('cardnumber'); -my $uploadfilename = $input->param('uploadfile'); +our $uploadfilename = $input->param('uploadfile') || ''; my $uploadfile = $input->upload('uploadfile'); my $borrowernumber = $input->param('borrowernumber'); my $op = $input->param('op') || ''; @@ -72,10 +76,19 @@ Files greater than 100K will be refused. Images should be 140x200 pixels. If the $debug and warn "Operation requested: $op"; -my ( $total, $handled, @counts, $tempfile, $tfh, %errors ); +my ( $total, $handled, $tempfile, $tfh ); +our @counts = (); +our %errors = (); # Case is important in these operational values as the template must use case to be visually pleasing! if ( ( $op eq 'Upload' ) && $uploadfile ) { + + output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' ) + unless Koha::Token->new->check_csrf({ + session_id => scalar $input->cookie('CGISESSID'), + token => scalar $input->param('csrf_token'), + }); + my $dirname = File::Temp::tempdir( CLEANUP => 1 ); $debug and warn "dirname = $dirname"; my $filesuffix; 
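Review bot: The CSRF guard added in the `@@ -72,10 +76,19 @@` hunk only protects the upload if `output_and_exit` never returns, and the multi-line postfix `unless` makes that easy to overlook. The same lines are repeated verbatim in the Delete branch further down. A comment above the guard such as `# Reject the request before any temp file is created; output_and_exit does not return` would help, and a single helper called from both branches would keep the two checks from drifting apart. The token is read with `$input->param('csrf_token')`, and the hunk does not show whether these operations are restricted to POST, so confirm the token cannot end up in URLs and logs. The `if` block opened here continues outside the hunk.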
@@ -102,7 +115,9 @@ if ( ( $op eq 'Upload' ) && $uploadfile ) { } close $tfh; if ( $filetype eq 'zip' ) { - unless ( system( "unzip", $tempfile, '-d', $dirname ) == 0 ) { + qx/unzip $tempfile -d $dirname/; + my $exit_code = $?; + unless ( $exit_code == 0 ) { $errors{'UZIPFAIL'} = $uploadfilename; $template->param( ERRORS => [ \%errors ] ); # This error is fatal to the import, so bail out here @@ -157,15 +172,29 @@ elsif ( ( $op eq 'Upload' ) && !$uploadfile ) { $template->param( filetype => $filetype ); } elsif ( $op eq 'Delete' ) { - my $dberror = RmPatronImage($cardnumber); - $debug and warn "Patron image deleted for $cardnumber"; - warn "Database returned $dberror" if $dberror; + output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' ) + unless Koha::Token->new->check_csrf({ + session_id => scalar $input->cookie('CGISESSID'), + token => scalar $input->param('csrf_token'), + }); + + my $deleted = eval { + Koha::Patron::Images->find( $borrowernumber )->delete; + }; + if ( $@ or not $deleted ) { + warn "Image for patron '$borrowernumber' has not been deleted"; + } } if ( $borrowernumber && !%errors && !$template->param('ERRORS') ) { print $input->redirect( "/cgi-bin/koha/members/moremember.pl?borrowernumber=$borrowernumber"); } else { + $template->param( + csrf_token => Koha::Token->new->generate_csrf({ + session_id => scalar $input->cookie('CGISESSID'), + }), + ); output_html_with_http_headers $input, $cookie, $template->output; } 
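Review bot: Replacing the list-form `system( "unzip", $tempfile, '-d', $dirname )` with `qx/unzip $tempfile -d $dirname/` in the `@@ -102,7 +115,9 @@` hunk sends the command through a shell with both variables interpolated, so any shell metacharacter in either path is interpreted instead of being passed as a plain argument. How `$tempfile` is built is outside the hunk, but `$filesuffix` is declared just before it and `$uploadfilename` comes from the request, so the temp file name may carry user-influenced characters; confirm this before merging. If the aim was only to keep unzip's output out of the CGI response, a list-form pipe keeps the no-shell property: `open( my $unzip, '-|', 'unzip', $tempfile, '-d', $dirname )`, then drain it, `close $unzip` and test `$?` as the new code already does. A failed `open` should be reported as `UZIPFAIL` as well. The enclosing `if` block starts and ends outside the hunk.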
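Review bot: In the Delete branch of the `@@ -157,15 +172,29 @@` hunk a failed deletion is only written to the log, and `$@` is left out of the message. `%errors` therefore stays empty, and the redirect branch right below treats the request as a success. Consider `warn "Image for patron '$borrowernumber' has not been deleted: $@";` and also recording the failure in `%errors` so the template can report it. Calling `->delete` directly on the result of `find` makes "no image stored for this patron" indistinguishable from a database error, since both surface as an exception inside the `eval`; a one-line comment saying that is intended would help the next reader.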
@@ -310,31 +339,47 @@ sub handle_file { $debug and warn "Image is of mimetype $mimetype"; my $dberror; if ($mimetype) { - $dberror = - PutPatronImage( $cardnumber, $mimetype, $imgfile ); - } - if ( !$dberror && $mimetype ) { - # Errors from here on are fatal only to the import of a particular image - #so don't bail, just note the error and keep going - $count{count}++; - push @{ $count{filenames} }, - { source => $filename, cardnumber => $cardnumber }; - } - elsif ($dberror) { - warn "Database returned error: $dberror"; - ( $dberror =~ /patronimage_fk1/ ) - ? $filerrors{'IMGEXISTS'} = 1 - : $filerrors{'DBERR'} = 1; - push my @filerrors, \%filerrors; - push @{ $count{filenames} }, - { - filerrors => \@filerrors, - source => $filename, - cardnumber => $cardnumber - }; - $template->param( ERRORS => 1 ); + my $patron = Koha::Patrons->find({ cardnumber => $cardnumber }); + if ( $patron ) { + my $image = $patron->image; + $image ||= Koha::Patron::Image->new({ borrowernumber => $patron->borrowernumber }); + $image->set({ + mimetype => $mimetype, + imagefile => $imgfile, + }); + eval { $image->store }; + if ( $@ ) { + # Errors from here on are fatal only to the import of a particular image + #so don't bail, just note the error and keep going + warn "Database returned error: $@"; + $filerrors{'DBERR'} = 1; + push my @filerrors, \%filerrors; + push @{ $count{filenames} }, + { + filerrors => \@filerrors, + source => $filename, + cardnumber => $cardnumber + }; + $template->param( ERRORS => 1 ); + } else { + $count{count}++; + push @{ $count{filenames} }, + { source => $filename, cardnumber => $cardnumber }; + } + } else { + warn "Patron with the cardnumber '$cardnumber' does not exist"; + $filerrors{'CARDNUMBER_DOES_NOT_EXIST'} = 1; + push my @filerrors, \%filerrors; + push @{ $count{filenames} }, + { + filerrors => \@filerrors, + source => $filename, + cardnumber => $cardnumber + }; + $template->param( ERRORS => 1 ); + } } - elsif ( !$mimetype ) { + else { warn "Unable to 
determine mime type of $filename. Please verify mimetype."; $filerrors{'MIMERR'} = 1; push my @filerrors, \%filerrors;
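Review bot: The new `eval { $image->store }; if ( $@ )` in handle_file detects failure by testing `$@`, which on older perls can miss an error when `$@` is cleared during unwinding. It also differs from the Delete branch, which checks the eval's return value. `my $stored = eval { $image->store; 1 };` followed by `if ( !$stored )` is the more reliable form and still leaves `$@` available for the warning. The hunk calls `Koha::Patron::Image->new` while the commit only adds `use Koha::Patron::Images;`, so the singular class is presumably loaded indirectly; an explicit `use Koha::Patron::Image;` would make the dependency visible. The `filerrors` bookkeeping is now repeated in three branches and could be one small helper; handle_file starts and ends outside the hunk.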