Bug 7298: (follow-up) fix uninitialized variable warning

[koha.git] / opac / ilsdi.pl

diff --git a/opac/ilsdi.pl b/opac/ilsdi.pl
index 1a97abe..d68f09a 100755 (executable)
--- a/opac/ilsdi.pl
+++ b/opac/ilsdi.pl
@@ -13,13 +13,15 @@
 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 # A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 #
-# You should have received a copy of the GNU General Public License along with
-# Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
-# Suite 330, Boston, MA  02111-1307 USA
+# You should have received a copy of the GNU General Public License along
+# with Koha; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 
 use strict;
 use warnings;
 
+use List::MoreUtils qw(any);
+
 use C4::ILSDI::Services;
 use C4::Auth;
 use C4::Output;
@@ -31,7 +33,7 @@ use CGI;
 
 This script is a basic implementation of ILS-DI protocol for Koha.
 It acts like a dispatcher, that get the CGI request, check required and 
-optionals arguments, call a function from C4::ILS-DI::Services, and finaly 
+optionals arguments, call a function from C4::ILS-DI, and finaly
 outputs the returned hashref as XML.
 
 =cut
@@ -112,13 +114,8 @@ my %optional = (
     'CancelHold' => [],
 );
 
-# If ILS-DI module is disabled in System->Preferences, redirect to 404
-if ( not C4::Context->preference('ILS-DI') ) {
-    print $cgi->redirect("/cgi-bin/koha/errors/404.pl");
-}
-
 # If no service is requested, display the online documentation
-if ( not $cgi->param('service') ) {
+unless ( $cgi->param('service') ) {
     my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
         {   template_name   => "ilsdi.tmpl",
             query           => $cgi,
@@ -132,7 +129,7 @@ if ( not $cgi->param('service') ) {
 }
 
 # If user requested a service description, then display it
-if ( $cgi->param('service') eq "Describe" and grep { $cgi->param('verb') eq $_ } @services ) {
+if ( $cgi->param('service') eq "Describe" and any { $cgi->param('verb') eq $_ } @services ) {
     my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
         {   template_name   => "ilsdi.tmpl",
             query           => $cgi,
@@ -146,47 +143,67 @@ if ( $cgi->param('service') eq "Describe" and grep { $cgi->param('verb') eq $_ }
     exit 0;
 }
 
-my $service = $cgi->param('service') || "ilsdi";
+# any output after this point will be UTF-8 XML
+binmode STDOUT, ':encoding(UTF-8)';
+print CGI::header('-type'=>'text/xml', '-charset'=>'utf-8');
 
 my $out;
 
+# If ILS-DI module is disabled in System->Preferences, redirect to 404
+unless ( C4::Context->preference('ILS-DI') ) {
+    $out->{'code'} = "NotAllowed";
+    $out->{'message'} = "ILS-DI is disabled.";
+}
+
+# If the remote address is not allowed, redirect to 403
+my @AuthorizedIPs = split(/,/, C4::Context->preference('ILS-DI:AuthorizedIPs'));
+if ( @AuthorizedIPs # If no filter set, allow access to everybody
+    and not any { $ENV{'REMOTE_ADDR'} eq $_ } @AuthorizedIPs # IP Check
+    ) {
+    $out->{'code'} = "NotAllowed";
+    $out->{'message'} = "Unauthorized IP address: ".$ENV{'REMOTE_ADDR'}.".";
+}
+
+my $service = $cgi->param('service') || "ilsdi";
+
 # Check if the requested service is in the list
-if ( $service and grep { $service eq $_ } @services ) {
+if ( $service and any { $service eq $_ } @services ) {
 
     my @parmsrequired = @{ $required{$service} };
     my @parmsoptional = @{ $optional{$service} };
     my @parmsall      = ( @parmsrequired, @parmsoptional );
     my @names         = $cgi->param;
-    my %paramhash     = ();
-    foreach my $name (@names) {
-        $paramhash{$name} = 1;
-    }
+    my %paramhash;
+    $paramhash{$_} = 1 for @names;
 
     # check for missing parameters
-    foreach my $name (@parmsrequired) {
-        if ( ( !exists $paramhash{$name} ) ) {
-            $out->{'message'} = "missing $name parameter";
+    for ( @parmsrequired ) {
+        unless ( exists $paramhash{$_} ) {
+            $out->{'code'} = "MissingParameter";
+            $out->{'message'} = "The required parameter ".$_." is missing.";
         }
     }
 
     # check for illegal parameters
-    foreach my $name (@names) {
+    for my $name ( @names ) {
         my $found = 0;
-        foreach my $name2 (@parmsall) {
+        for my $name2 (@parmsall) {
             if ( $name eq $name2 ) {
                 $found = 1;
             }
         }
-        if ( ( $found == 0 ) && ( $name ne 'service' ) ) {
-            $out->{'message'} = "$name is an illegal parameter";
+        if ( $found == 0 && $name ne 'service' ) {
+            $out->{'code'} = "IllegalParameter";
+            $out->{'message'} = "The parameter ".$name." is illegal.";
         }
     }
 
     # check for multiple parameters
-    foreach my $name (@names) {
-        my @values = $cgi->param($name);
+    for ( @names ) {
+        my @values = $cgi->param($_);
         if ( $#values != 0 ) {
-            $out->{'message'} = "multiple values are not allowed for the $name parameter";
+            $out->{'code'} = "MultipleValuesNotAllowed";
+            $out->{'message'} = "Multiple values not allowed for the parameter ".$_.".";
         }
     }
 
@@ -194,7 +211,6 @@ if ( $service and grep { $service eq $_ } @services ) {
 
         # GetAvailability is a special case, as it cannot use XML::Simple
         if ( $service eq "GetAvailability" ) {
-            print CGI::header('text/xml');
             print C4::ILSDI::Services::GetAvailability($cgi);
             exit 0;
         } else {
@@ -215,14 +231,13 @@ if ( $service and grep { $service eq $_ } @services ) {
 }
 
 # Output XML by passing the hashref to XMLOut
-print CGI::header('-type'=>'text/xml', '-charset'=>'utf-8');
 print XMLout(
     $out,
     noattr        => 1,
-    noescape      => 1,
     nosort        => 1,
     xmldecl       => '<?xml version="1.0" encoding="UTF-8" ?>',
     RootName      => $service,
     SuppressEmpty => 1
 );
+exit 0;