X-Git-Url: http://koha-dev.rot13.org:8081/gitweb/?a=blobdiff_plain;f=installer%2FInstallAuth.pm;h=1a8a4df89f90bce8dcad9fdea47d01ad60890b11;hb=5b6f89714d58d4a7c33b621b2cefbc02523dafa3;hp=2c07bbe8d43a06ec206e83fd48a47e8ef31aac41;hpb=5c2def51587c4b2636b5f066306b8bd5dc0e7a7a;p=koha_fer diff --git a/installer/InstallAuth.pm b/installer/InstallAuth.pm index 2c07bbe8d4..1a8a4df89f 100644 --- a/installer/InstallAuth.pm +++ b/installer/InstallAuth.pm @@ -26,7 +26,6 @@ use Digest::MD5 qw(md5_base64); require Exporter; use C4::Context; -use C4::Output; use C4::Templates; use C4::Koha; use CGI::Session; @@ -117,7 +116,7 @@ sub get_template_and_user { $tmplbase=~ s/\.tmpl$/.tt/; my $filename = "$path/modules/" . $tmplbase; my $interface = 'intranet'; - my $template = C4::Templates->new( $interface, $filename, $tmplbase); + my $template = C4::Templates->new( $interface, $filename, $tmplbase, $query); my ( $user, $cookie, $sessionID, $flags ) = checkauth( $in->{'query'}, @@ -158,12 +157,14 @@ sub get_template_and_user { } sub _get_template_language { - #verify if opac language exists in staff (bug 5660) - #conditions are 1) dir exists and 2) enabled in prefs - my ($opaclang)= @_; - return 'en' unless $opaclang; - my $path= C4::Context->config('intrahtdocs')."/prog/$opaclang"; - -d $path ? $opaclang : 'en'; + + #verify if opac language exists in staff (bug 5660) + #conditions are 1) dir exists and 2) enabled in prefs + my ($opaclang) = @_; + return 'en' unless $opaclang; + $opaclang =~ s/[^a-zA-Z_-]*//g; + my $path = C4::Context->config('intrahtdocs') . "/prog/$opaclang"; + -d $path ? $opaclang : 'en'; } =item checkauth @@ -260,7 +261,11 @@ sub checkauth { $session->param('emailaddress'), $session->param('branchprinter') ); - $cookie = $query->cookie( CGISESSID => $session->id ); + $cookie = $query->cookie( + -name => 'CGISESSID', + -value => $session->id, + -HttpOnly => 1, + ); $loggedin = 1; $userid = $session->param('cardnumber'); } @@ -272,11 +277,12 @@ sub checkauth { C4::Context->_unset_userenv($sessionID); $sessionID = undef; $userid = undef; - open L, ">>/tmp/sessionlog"; - my $time = localtime( time() ); - printf L "%20s from %16s logged out at %30s (manually).\n", $userid, - $ip, $time; - close L; + # Commented out due to its lack of usefulness + # open L, ">>/tmp/sessionlog"; + # my $time = localtime( time() ); + # printf L "%20s from %16s logged out at %30s (manually).\n", $userid, + # $ip, $time; + # close L; } } unless ($userid) { @@ -290,12 +296,16 @@ sub checkauth { my ( $return, $cardnumber ) = checkpw( $userid, $password ); if ($return) { $loggedin = 1; - open L, ">>/tmp/sessionlog"; - my $time = localtime( time() ); - printf L "%20s from %16s logged in at %30s.\n", $userid, - $ENV{'REMOTE_ADDR'}, $time; - close L; - $cookie = $query->cookie( CGISESSID => $sessionID ); + # open L, ">>/tmp/sessionlog"; + # my $time = localtime( time() ); + # printf L "%20s from %16s logged in at %30s.\n", $userid, + # $ENV{'REMOTE_ADDR'}, $time; + # close L; + $cookie = $query->cookie( + -name => 'CGISESSID', + -value => $sessionID, + -HttpOnly => 1, + ); if ( $return == 2 ) { #Only superlibrarian should have access to this page. @@ -339,6 +349,7 @@ sub checkauth { $cookie = $query->cookie( -name => 'CGISESSID', -value => '', + -HttpOnly => 1, -expires => '' ); } @@ -365,7 +376,7 @@ sub checkauth { my $filename = "$path/modules/$template_name"; $filename =~ s/\.tmpl$/.tt/; my $interface = 'intranet'; - my $template = C4::Templates->new( $interface, $filename); + my $template = C4::Templates->new( $interface, $filename, '', $query); $template->param( INPUTS => \@inputs, @@ -379,13 +390,12 @@ sub checkauth { $cookie = $query->cookie( -name => 'CGISESSID', -value => $sessionID, + -HttpOnly => 1, -expires => '' ); - print $query->header( - -type => 'text/html; charset=utf-8', - -cookie => $cookie - ), - $template->output; + + require C4::Output; + C4::Output::output_html_with_http_headers($query,$cookie,$template->output); exit; }