X-Git-Url: http://koha-dev.rot13.org:8081/gitweb/?a=blobdiff_plain;f=C4%2FTemplates.pm;h=dd54a6e3f4128e2dfce610c8ee1ddba876325683;hb=ad83d2e07d3c2c28e962b1a2e8d04b6f25a4a868;hp=7456c7f62595a9398f93c8eac6c8ad8b128d3d87;hpb=8fd15d90bf91cea0921fe65f147f640acca8ddf7;p=srvgit diff --git a/C4/Templates.pm b/C4/Templates.pm index 7456c7f625..dd54a6e3f4 100644 --- a/C4/Templates.pm +++ b/C4/Templates.pm 
@@ -2,40 +2,42 @@ package C4::Templates; use strict; use warnings; -use Carp; -use CGI; -use List::MoreUtils qw/any uniq/; +use Carp qw( carp ); +use CGI qw ( -utf8 ); +use List::MoreUtils qw( uniq ); # Copyright 2009 Chris Cormack and The Koha Dev Team # # This file is part of Koha. # -# Koha is free software; you can redistribute it and/or modify it under the -# terms of the GNU General Public License as published by the Free Software -# Foundation; either version 2 of the License, or (at your option) any later -# version. +# Koha is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. # -# Koha is distributed in the hope that it will be useful, but WITHOUT ANY -# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR -# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# Koha is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. # -# You should have received a copy of the GNU General Public License along with -# Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place, -# Suite 330, Boston, MA 02111-1307 USA +# You should have received a copy of the GNU General Public License +# along with Koha; if not, see . 
=head1 NAME - Koha::Templates - Object for manipulating templates for use with Koha +C4::Templates - Object for manipulating templates for use with Koha =cut use base qw(Class::Accessor); use Template; -use Template::Constants qw( :debug ); -use C4::Languages qw(getTranslatedLanguages get_bidi regex_lang_subtags language_get_description accept_language ); +use C4::Languages qw( get_bidi getTranslatedLanguages regex_lang_subtags ); use C4::Context; +use Koha::Cache::Memory::Lite; +use Koha::Exceptions; + __PACKAGE__->mk_accessors(qw( theme activethemes preferredtheme lang filename htdocs interface vars)); @@ -69,6 +71,7 @@ sub new { COMPILE_DIR => $use_template_cache ? C4::Context->config('template_cache_dir') : '', INCLUDE_PATH => \@includes, FILTERS => {}, + ENCODING => 'UTF-8', } ) or die Template->error(); my $self = { 
@@ -105,62 +108,27 @@ sub output { $vars->{interface} = ( $self->{interface} ne 'intranet' ? '/opac-tmpl' : '/intranet-tmpl' ); $vars->{theme} = $self->theme; - $vars->{opaccolorstylesheet} = - C4::Context->preference('opaccolorstylesheet'); + $vars->{OpacAdditionalStylesheet} = + C4::Context->preference('OpacAdditionalStylesheet'); $vars->{opaclayoutstylesheet} = C4::Context->preference('opaclayoutstylesheet'); - # add variables set via param to $vars for processing - # and clean any utf8 mess - for my $k ( keys %{ $self->{VARS} } ) { - $vars->{$k} = $self->{VARS}->{$k}; - if (ref($vars->{$k}) eq 'ARRAY'){ - utf8_arrayref($vars->{$k}); - } - elsif (ref($vars->{$k}) eq 'HASH'){ - utf8_hashref($vars->{$k}); - } - else { - utf8::encode($vars->{$k}) if utf8::is_utf8($vars->{$k}); - } + if(exists $self->{VARS}{lang}) { + warn "Preventing \$template->lang='" . ($self->{vars}{lang}//'-undef-') + . "' to be overwritten by template->{VARS}{lang}='" . ($self->{VARS}{lang}//'-undef-') . "'"; + delete $self->{VARS}{lang}; } + + # add variables set via param to $vars for processing + $vars = { %$vars, %{ $self->{VARS} } }; + my $data; -# binmode( STDOUT, ":utf8" ); + binmode( STDOUT, ":encoding(UTF-8)" ); $template->process( $self->filename, $vars, \$data ) || die "Template process failed: ", $template->error(); return $data; } -sub utf8_arrayref { - my $arrayref = shift; - foreach my $element (@$arrayref){ - if (ref($element) eq 'ARRAY'){ - utf8_arrayref($element); - next; - } - if (ref($element) eq 'HASH'){ - utf8_hashref($element); - next; - } - utf8::encode($element) if utf8::is_utf8($element); - } -} - -sub utf8_hashref { - my $hashref = shift; - for my $key (keys %{$hashref}){ - if (ref($hashref->{$key}) eq 'ARRAY'){ - utf8_arrayref($hashref->{$key}); - next; - } - if (ref($hashref->{$key}) eq 'HASH'){ - utf8_hashref($hashref->{$key}); - next; - } - utf8::encode($hashref->{$key}) if utf8::is_utf8($hashref->{$key}); - } -} - # wrapper method to allow easier transition 
from HTML template pro to Template Toolkit sub param { my $self = shift; 
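Review bot: The new warning in `output` labels its first value `$template->lang` but reads `$self->{vars}{lang}`, which does not look like the slot the `lang` accessor from `mk_accessors` uses (Class::Accessor keeps it in `$self->{lang}`). The log line will therefore likely print `-undef-` or an unrelated value instead of the language being protected. Using the accessor would report the real value: `warn "Preventing \$template->lang='" . ($self->lang // '-undef-')`. The value of `$self->{VARS}{lang}` is also written to the log verbatim, so if it can come from a request parameter it is worth stripping control characters first. `output` begins outside this hunk.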
@@ -199,19 +167,55 @@ sub _get_template_file { my $is_intranet = $interface eq 'intranet'; my $htdocs = C4::Context->config($is_intranet ? 'intrahtdocs' : 'opachtdocs'); my ($theme, $lang, $availablethemes) = themelanguage($htdocs, $tmplbase, $interface, $query); - my $filename = "$htdocs/$theme/$lang/modules/$tmplbase"; + $lang //= 'en'; + $theme //= ''; + $tmplbase = "$htdocs/$theme/$lang/modules/$tmplbase" if $tmplbase !~ /^\//; + # do not prefix an absolute path - return ($htdocs, $theme, $lang, $filename); + return ( $htdocs, $theme, $lang, $tmplbase ); } +=head2 badtemplatecheck + + badtemplatecheck( $template_path ); + + The sub will throw an exception if the template path is not allowed. + + Note: At this moment the sub is actually a helper routine for + sub gettemplate. + +=cut + +sub badtemplatecheck { + my ( $template ) = @_; + if( !$template || $template !~ m/^[a-zA-Z0-9_\-\/]+\.(tt|pref)$/ ) { + # This also includes two dots + Koha::Exceptions::NoPermission->throw( 'bad template path' ); + } else { + # Check allowed dirs - make sure we operate on a copy of the config + my $dirs = C4::Context->config("pluginsdir"); + if ( !ref($dirs) ) { + $dirs = [ $dirs ]; + } + else { + $dirs = [ @$dirs ]; + } + unshift @$dirs, C4::Context->config('opachtdocs'), C4::Context->config('intrahtdocs'); + my $found = 0; + foreach my $dir ( @$dirs ) { + $dir .= '/' if $dir !~ m/\/$/; + $found++ if $template =~ m/^$dir/; + last if $found; + } + Koha::Exceptions::NoPermission->throw( 'bad template path' ) if !$found; + } +} sub gettemplate { - my ( $tmplbase, $interface, $query, $is_plugin ) = @_; - ($query) or warn "no query in gettemplate"; - my $path = C4::Context->preference('intranet_includes') || 'includes'; + my ( $tmplbase, $interface, $query ) = @_; my ($htdocs, $theme, $lang, $filename) = _get_template_file($tmplbase, $interface, $query); - $filename = $tmplbase if ( $is_plugin ); + badtemplatecheck( $filename ); # single trip for bad templates my $template = 
C4::Templates->new($interface, $filename, $tmplbase, $query); # NOTE: Commenting these out rather than deleting them so that those who need @@ -268,11 +272,16 @@ the use case where the DB is not populated already when rewriting/fixing. sub themelanguage { my ($htdocs, $tmpl, $interface, $query) = @_; - ($query) or warn "no query in themelanguage"; # Select a language based on cookie, syspref available languages & browser my $lang = C4::Languages::getlanguage($query); + return availablethemes($htdocs, $tmpl, $interface, $lang); +} + +sub availablethemes { + my ($htdocs, $tmpl, $interface, $lang) = @_; + # Get theme my @themes; my $theme_syspref = ($interface eq 'intranet') ? 'template' : 'opacthemes'; @@ -293,27 +302,30 @@ sub themelanguage { my $where = $tmpl =~ /xsl$/ ? 'xslt' : 'modules'; for my $theme (@themes) { if ( -e "$htdocs/$theme/$lang/$where/$tmpl" ) { - return ( $theme, $lang, uniq( \@themes ) ); + return ( $theme, $lang, [ uniq(@themes) ] ); } } # Otherwise return theme/'en', last resort fallback/'en' for my $theme (@themes) { if ( -e "$htdocs/$theme/en/$where/$tmpl" ) { - return ( $theme, 'en', uniq( \@themes ) ); + return ( $theme, 'en', [ uniq(@themes) ] ); } } + # tmpl is a full path, so this is a template for a plugin + if ( $tmpl =~ /^\// && -e $tmpl ) { + return ( $themes[0], $lang, [ uniq(@themes) ] ); + } } - sub setlanguagecookie { my ( $query, $language, $uri ) = @_; - my $cookie = $query->cookie( - -name => 'KohaOpacLanguage', - -value => $language, - -HttpOnly => 1, - -expires => '+3y' - ); + my $cookie = getlanguagecookie( $query, $language ); + + # We do not want to set getlanguage in cache, some additional checks are + # done in C4::Languages::getlanguage + Koha::Cache::Memory::Lite->get_instance()->clear_from_cache( 'getlanguage' ); + print $query->redirect( -uri => $uri, -cookie => $cookie 
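Review bot: In `badtemplatecheck`, the allowed-directory loop can turn a missing config value into the root directory. If `pluginsdir` or either htdocs setting comes back undefined or empty (which looks possible when the setting is absent), `$dir .= '/'` makes it `/`, and `m/^$dir/` then accepts every absolute path that passed the character check. The directory is also interpolated as a regex, so a `.` or `+` in a configured path acts as a metacharacter and widens the match. I would skip blank entries and quote the prefix: `foreach my $dir ( grep { defined($_) && length($_) } @$dirs ) {` and `$found++ if $template =~ m/^\Q$dir\E/;`. Separately, the first pattern ends in `$`, which also matches before a trailing newline; `\z` would make the extension check exact.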
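Review bot: `availablethemes` has no explicit return when no theme directory holds the template and the new plugin test is false, so the caller gets whatever the last evaluated condition produced. `_get_template_file` compensates with `$lang //= 'en'` and `$theme //= ''`, but other callers of `themelanguage` or `availablethemes` get no such defaults; ending the sub with `return;` or an explicit fallback triple would make the contract visible. The plugin branch also runs `-e $tmpl` on a caller-supplied absolute path before `gettemplate` reaches `badtemplatecheck`, so validating absolute paths ahead of the lookup would keep the existence test inside the allowed directories. The sub starts in the previous hunk, and it has no POD entry, unlike `themelanguage`.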
@@ -334,57 +346,12 @@ sub getlanguagecookie { -name => 'KohaOpacLanguage', -value => $language, -HttpOnly => 1, - -expires => '+3y' + -expires => '+3y', + -sameSite => 'Lax', + -secure => ( C4::Context->https_enabled() ? 1 : 0 ), ); return $cookie; } -=head2 GetColumnDefs - - my $columns = GetColumnDefs( $cgi ) - -It is passed a CGI object and returns a hash of hashes containing -the column names and descriptions for each table defined in the -columns.def file corresponding to the CGI object. - -=cut - -sub GetColumnDefs { - - my $query = shift; - - my $columns = {}; - - my $htdocs = C4::Context->config('intrahtdocs'); - my $columns_file = 'columns.def'; - - # Get theme and language to build the path to columns.def - my ($theme, $lang, $availablethemes) = - themelanguage($htdocs, 'about.tt', 'intranet', $query); - # Build columns.def path - my $path = "$htdocs/$theme/$lang/$columns_file"; - my $fh; - if ( ! open ( $fh, q{<}, $path ) ) { - carp "Error opening $path. Check your templates."; - return; - } - # Loop through the columns.def file - while ( my $input = <$fh> ){ - chomp $input; - if ( $input =~ m|(.*)| ) { - my ( $table, $column ) = split( '\.', $1); - my $description = $2; - # Initialize the table array if needed. - @{$columns->{ $table }} = () if ! defined $columns->{ $table }; - # Push field and description - push @{$columns->{ $table }}, - { field => $column, description => $description }; - } - } - close $fh; - - return $columns; -} - 1;