use Modern::Perl;
use File::Temp;
-use File::Copy;
use CGI qw ( -utf8 );
use GD;
+use MIME::Base64;
use C4::Context;
-use C4::Auth;
-use C4::Output;
+use C4::Auth qw( get_template_and_user );
+use C4::Output qw( output_and_exit output_html_with_http_headers );
use C4::Members;
-use C4::Debug;
+use Koha::Logger;
use Koha::Patrons;
-use Koha::Patron::Image;
+use Koha::Patron::Images;
+use Koha::Token;
-my $input = new CGI;
+my $input = CGI->new;
+
+unless (C4::Context->preference('patronimages')) {
+ # redirect to intranet home if patronimages is not enabled
+ print $input->redirect("/cgi-bin/koha/mainpage.pl");
+ exit;
+}
my ($template, $loggedinuser, $cookie)
= get_template_and_user({template_name => "tools/picture-upload.tt",
query => $input,
type => "intranet",
- authnotrequired => 0,
flagsrequired => { tools => 'batch_upload_patron_images'},
- debug => 0,
});
-my $filetype = $input->param('filetype');
+our $filetype = $input->param('filetype') || '';
my $cardnumber = $input->param('cardnumber');
-my $uploadfilename = $input->param('uploadfile');
+our $uploadfilename = $input->param('uploadfile') || $input->param('uploadfilename') || '';
+my $uploadfiletext = $input->param('uploadfiletext') || '';
my $uploadfile = $input->upload('uploadfile');
my $borrowernumber = $input->param('borrowernumber');
my $op = $input->param('op') || '';
# Other parts of this code could be optimized as well, I think. Perhaps the file upload could be done with YUI's upload
# coded. -fbcit
-$debug and warn "Params are: filetype=$filetype, cardnumber=$cardnumber, borrowernumber=$borrowernumber, uploadfile=$uploadfilename";
+our $logger = Koha::Logger->get;
+$logger->debug("Params are: filetype=$filetype, cardnumber=$cardnumber, borrowernumber=$borrowernumber, uploadfile=$uploadfilename");
=head1 NAME
=cut
-$debug and warn "Operation requested: $op";
-
-my ( $total, $handled, @counts, $tempfile, $tfh, %errors );
+my ( $total, $handled, $tempfile, $tfh );
+our @counts = ();
+our %errors = ();
# Case is important in these operational values as the template must use case to be visually pleasing!
-if ( ( $op eq 'Upload' ) && $uploadfile ) {
+if ( ( $op eq 'Upload' ) && ($uploadfile || $uploadfiletext) ) {
+
+ output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
+ unless Koha::Token->new->check_csrf({
+ session_id => scalar $input->cookie('CGISESSID'),
+ token => scalar $input->param('csrf_token'),
+ });
+
my $dirname = File::Temp::tempdir( CLEANUP => 1 );
- $debug and warn "dirname = $dirname";
my $filesuffix;
if ( $uploadfilename =~ m/(\..+)$/i ) {
$filesuffix = $1;
}
( $tfh, $tempfile ) =
File::Temp::tempfile( SUFFIX => $filesuffix, UNLINK => 1 );
- $debug and warn "tempfile = $tempfile";
my ( @directories, $results );
- $errors{'NOTZIP'} = 1
- if ( $uploadfilename !~ /\.zip$/i && $filetype =~ m/zip/i );
$errors{'NOWRITETEMP'} = 1 unless ( -w $dirname );
- $errors{'EMPTYUPLOAD'} = 1 unless ( length($uploadfile) > 0 );
+ if ( length($uploadfiletext) == 0 ) {
+ $errors{'NOTZIP'} = 1
+ if ( $uploadfilename !~ /\.zip$/i && $filetype =~ m/zip/i );
+ $errors{'EMPTYUPLOAD'} = 1 unless ( length($uploadfile) > 0 );
+ }
if (%errors) {
$template->param( ERRORS => [ \%errors ] );
output_html_with_http_headers $input, $cookie, $template->output;
exit;
}
- while (<$uploadfile>) {
- print $tfh $_;
+
+ if ( length($uploadfiletext) == 0 ) {
+ while (<$uploadfile>) {
+ print $tfh $_;
+ }
+ } else {
+ # data type controlled in toDataURL() in template
+ if ( $uploadfiletext =~ /data:image\/jpeg;base64,(.*)/ ) {
+ my $encoded_picture = $1;
+ my $decoded_picture = decode_base64($encoded_picture);
+ print $tfh $decoded_picture;
+ } else {
+ $errors{'BADPICTUREDATA'} = 1;
+ $template->param( ERRORS => [ \%errors ] );
+ output_html_with_http_headers $input, $cookie, $template->output;
+ exit;
+ }
}
close $tfh;
if ( $filetype eq 'zip' ) {
- unless ( system( "unzip", $tempfile, '-d', $dirname ) == 0 ) {
+ qx/unzip $tempfile -d $dirname/;
+ my $exit_code = $?;
+ unless ( $exit_code == 0 ) {
$errors{'UZIPFAIL'} = $uploadfilename;
$template->param( ERRORS => [ \%errors ] );
# This error is fatal to the import, so bail out here
}
push @directories, "$dirname";
foreach my $recursive_dir (@directories) {
- opendir RECDIR, $recursive_dir;
- while ( my $entry = readdir RECDIR ) {
+ my $recdir_h;
+ opendir $recdir_h, $recursive_dir;
+ while ( my $entry = readdir $recdir_h ) {
push @directories, "$recursive_dir/$entry"
if ( -d "$recursive_dir/$entry" and $entry !~ /^\./ );
- $debug and warn "$recursive_dir/$entry";
}
- closedir RECDIR;
+ closedir $recdir_h;
}
foreach my $dir (@directories) {
$results = handle_dir( $dir, $filesuffix, $template );
else {
my $filecount;
map { $filecount += $_->{count} } @counts;
- $debug and warn "Total directories processed: $total";
- $debug and warn "Total files processed: $filecount";
+ $logger->debug("Total directories processed: $total");
+ $logger->debug("Total files processed: $filecount");
$template->param(
TOTAL => $total,
HANDLED => $handled,
$template->param( filetype => $filetype );
}
elsif ( $op eq 'Delete' ) {
- my $dberror = RmPatronImage($borrowernumber);
- $debug and warn "Patron image deleted for $borrowernumber";
- warn "Database returned $dberror" if $dberror;
+ output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
+ unless Koha::Token->new->check_csrf({
+ session_id => scalar $input->cookie('CGISESSID'),
+ token => scalar $input->param('csrf_token'),
+ });
+
+ my $deleted = eval {
+ Koha::Patron::Images->find( $borrowernumber )->delete;
+ };
+ if ( $@ or not $deleted ) {
+ warn "Image for patron '$borrowernumber' has not been deleted";
+ }
}
if ( $borrowernumber && !%errors && !$template->param('ERRORS') ) {
print $input->redirect(
"/cgi-bin/koha/members/moremember.pl?borrowernumber=$borrowernumber");
}
else {
+ $template->param(
+ csrf_token => Koha::Token->new->generate_csrf({
+ session_id => scalar $input->cookie('CGISESSID'),
+ }),
+ );
output_html_with_http_headers $input, $cookie, $template->output;
}
sub handle_dir {
my ( $dir, $suffix, $template, $cardnumber, $source ) = @_;
my ( %counts, %direrrors );
- $debug and warn "Entering sub handle_dir; passed \$dir=$dir, \$suffix=$suffix";
+ $logger->debug("Entering sub handle_dir; passed \$dir=$dir, \$suffix=$suffix");
if ( $suffix =~ m/zip/i ) {
# If we were sent a zip file, process any included data/idlink.txt files
my ( $file, $filename );
undef $cardnumber;
- $debug and warn "Passed a zip file.";
- opendir DIR, $dir;
- while ( my $filename = readdir DIR ) {
+ $logger->debug("Passed a zip file.");
+ my $dir_h;
+ opendir $dir_h, $dir;
+ while ( my $filename = readdir $dir_h ) {
$file = "$dir/$filename"
if ( $filename =~ m/datalink\.txt/i
|| $filename =~ m/idlink\.txt/i );
}
- unless ( open( FILE, $file ) ) {
+ my $fh;
+ unless ( open( $fh, '<', $file ) ) {
warn "Opening $dir/$file failed!";
$direrrors{'OPNLINK'} = $file;
# This error is fatal to the import of this directory contents
return \%direrrors;
}
- while ( my $line = <FILE> ) {
- $debug and warn "Reading contents of $file";
+ my @lines = <$fh>;
+ close $fh;
+ foreach my $line (@lines) {
+ $logger->debug("Reading contents of $file");
chomp $line;
- $debug and warn "Examining line: $line";
+ $logger->debug("Examining line: $line");
my $delim = ( $line =~ /\t/ ) ? "\t" : ( $line =~ /,/ ) ? "," : "";
- $debug and warn "Delimeter is \'$delim\'";
+ $logger->debug("Delimeter is \'$delim\'");
unless ( $delim eq "," || $delim eq "\t" ) {
warn "Unrecognized or missing field delimeter. Please verify that you are using either a ',' or a 'tab'";
$direrrors{'DELERR'} = 1;
( $cardnumber, $filename ) = split $delim, $line;
$cardnumber =~ s/[\"\r\n]//g; # remove offensive characters
$filename =~ s/[\"\r\n\s]//g;
- $debug and warn "Cardnumber: $cardnumber Filename: $filename";
+ $logger->debug("Cardnumber: $cardnumber Filename: $filename");
$source = "$dir/$filename";
%counts = handle_file( $cardnumber, $source, $template, %counts );
}
- close FILE;
- closedir DIR;
+ closedir $dir_h;
}
else {
%counts = handle_file( $cardnumber, $source, $template, %counts );
sub handle_file {
my ( $cardnumber, $source, $template, %count ) = @_;
- $debug and warn "Entering sub handle_file; passed \$cardnumber=$cardnumber, \$source=$source";
+ $logger->debug("Entering sub handle_file; passed \$cardnumber=$cardnumber, \$source=$source");
$count{filenames} = () if !$count{filenames};
$count{source} = $source if !$count{source};
$count{count} = 0 unless exists $count{count};
}
if ( $cardnumber && $source ) {
# Now process any imagefiles
- $debug and warn "Source: $source";
+ $logger->debug("Source: $source");
my $size = ( stat($source) )[7];
- if ( $size > 550000 ) {
+ if ( $size > 2097152 ) {
# This check is necessary even with image resizing to avoid possible security/performance issues...
$filerrors{'OVRSIZ'} = 1;
push my @filerrors, \%filerrors;
return %count;
}
my ( $srcimage, $image );
- if ( open( IMG, "$source" ) ) {
- $srcimage = GD::Image->new(*IMG);
- close(IMG);
+ if ( open( my $fh, '<', $source ) ) {
+ $srcimage = GD::Image->new($fh);
+ close($fh);
if ( defined $srcimage ) {
my $imgfile;
my $mimetype = 'image/png';
# we will convert all to PNG which is lossless...
# Check the pixel size of the image we are about to import...
my ( $width, $height ) = $srcimage->getBounds();
- $debug and warn "$filename is $width pix X $height pix.";
+ $logger->debug("$filename is $width pix X $height pix.");
if ( $width > 200 || $height > 300 ) {
# MAX pixel dims are 200 X 300...
- $debug and warn "$filename exceeds the maximum pixel dimensions of 200 X 300. Resizing...";
+ $logger->debug("$filename exceeds the maximum pixel dimensions of 200 X 300. Resizing...");
# Percent we will reduce the image dimensions by...
my $percent_reduce;
if ( $width > 200 ) {
sprintf( "%.0f", ( $width * $percent_reduce ) );
my $height_reduce =
sprintf( "%.0f", ( $height * $percent_reduce ) );
- $debug
- and warn "Reducing $filename by "
+ $logger->debug("Reducing $filename by "
. ( $percent_reduce * 100 )
- . "\% or to $width_reduce pix X $height_reduce pix";
+ . "\% or to $width_reduce pix X $height_reduce pix");
#'1' creates true color image...
$image = GD::Image->new( $width_reduce, $height_reduce, 1 );
$image->copyResampled( $srcimage, 0, 0, 0, 0, $width_reduce,
$height_reduce, $width, $height );
$imgfile = $image->png();
- $debug
- and warn "$filename is "
+ $logger->debug("$filename is "
. length($imgfile)
- . " bytes after resizing.";
+ . " bytes after resizing.");
undef $image;
undef $srcimage; # This object can get big...
}
else {
$image = $srcimage;
$imgfile = $image->png();
- $debug
- and warn "$filename is " . length($imgfile) . " bytes.";
+ $logger->debug("$filename is " . length($imgfile) . " bytes.");
undef $image;
undef $srcimage; # This object can get big...
}
- $debug and warn "Image is of mimetype $mimetype";
- my $dberror;
+ $logger->debug("Image is of mimetype $mimetype");
if ($mimetype) {
my $patron = Koha::Patrons->find({ cardnumber => $cardnumber });
if ( $patron ) {
projects / srvgit / blobdiff