diff --git a/C4/UploadedFiles.pm b/C4/UploadedFiles.pm new file mode 100644 index 0000000000..246b02b8ee --- /dev/null +++ b/C4/UploadedFiles.pm @@ -0,0 +1,226 @@ +package C4::UploadedFiles; + +# Copyright 2011-2012 BibLibre +# +# This file is part of Koha. +# +# Koha is free software; you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# +# Koha is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with Koha; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +=head1 NAME + +C4::UploadedFiles - Functions to deal with files uploaded with cataloging plugin upload.pl + +=head1 SYNOPSIS + + use C4::UploadedFiles; + + my $filename = $cgi->param('uploaded_file'); + my $file = $cgi->upload('uploaded_file'); + my $dir = $input->param('dir'); + + # upload file + my $id = C4::UploadedFiles::UploadFile($filename, $dir, $file->handle); + + # retrieve file infos + my $uploaded_file = C4::UploadedFiles::GetUploadedFile($id); + + # delete file + C4::UploadedFiles::DelUploadedFile($id); + +=head1 DESCRIPTION + +This module provides basic functions for adding, retrieving and deleting files related to +cataloging plugin upload.pl. + +It uses uploaded_files table. + +It is not related to C4::UploadedFile + +=head1 FUNCTIONS + +=cut + +use Modern::Perl; +use Digest::SHA; +use Fcntl; +use Encode; + +use C4::Context; + +sub _get_file_path { + my ($id, $dirname, $filename) = @_; + + my $uploadPath = C4::Context->preference('uploadPath'); + my $filepath = "$uploadPath/$dirname/${id}_$filename"; + $filepath =~ s|/+|/|g; + + return $filepath; +} + +=head2 GetUploadedFile + + my $file = C4::UploadedFiles::GetUploadedFile($id); + +Returns a hashref containing infos on uploaded files. +Hash keys are: + +=over 2 + +=item * id: id of the file (same as given in argument) + +=item * filename: name of the file + +=item * dir: directory where file is stored (relative to syspref 'uploadPath') + +=back + +It returns undef if file is not found + +=cut + +sub GetUploadedFile { + my ($id) = @_; + + return unless $id; + + my $dbh = C4::Context->dbh; + my $query = qq{ + SELECT id, filename, dir + FROM uploaded_files + WHERE id = ? + }; + my $sth = $dbh->prepare($query); + $sth->execute($id); + my $file = $sth->fetchrow_hashref; + if ($file) { + $file->{filepath} = _get_file_path($file->{id}, $file->{dir}, + $file->{filename}); + } + + return $file; +} + +=head2 UploadFile + + my $id = C4::UploadedFiles::UploadFile($filename, $dir, $io_handle); + +Upload a new file and returns its id (its SHA-1 sum, actually). + +Parameters: + +=over 2 + +=item * $filename: name of the file + +=item * $dir: directory where to store the file (path relative to syspref 'uploadPath' + +=item * $io_handle: valid IO::Handle object, can be retrieved with +$cgi->upload('uploaded_file')->handle; + +=back + +=cut + +sub UploadFile { + my ($filename, $dir, $handle) = @_; + + $filename = decode_utf8($filename); + if($filename =~ m#(^|/)\.\.(/|$)# or $dir =~ m#(^|/)\.\.(/|$)#) { + warn "Filename or dirname contains '..'. Aborting upload"; + return; + } + + my $buffer; + my $data = ''; + while($handle->read($buffer, 1024)) { + $data .= $buffer; + } + $handle->close; + + my $sha = new Digest::SHA; + $sha->add($data); + my $id = $sha->hexdigest; + + # Test if this id already exist + my $file = GetUploadedFile($id); + if ($file) { + return $file->{id}; + } + + my $file_path = _get_file_path($id, $dir, $filename); + + my $out_fh; + # Create the file only if it doesn't exist + unless( sysopen($out_fh, $file_path, O_WRONLY|O_CREAT|O_EXCL) ) { + warn "Failed to open file '$file_path': $!"; + return; + } + + print $out_fh $data; + close $out_fh; + + my $dbh = C4::Context->dbh; + my $query = qq{ + INSERT INTO uploaded_files (id, filename, dir) + VALUES (?,?, ?); + }; + my $sth = $dbh->prepare($query); + if($sth->execute($id, $filename, $dir)) { + return $id; + } + + return undef; +} + +=head2 DelUploadedFile + + C4::UploadedFiles::DelUploadedFile($id); + +Remove a previously uploaded file, given its id. + +Returns a false value if an error occurs. + +=cut + +sub DelUploadedFile { + my ($id) = @_; + + my $file = GetUploadedFile($id); + if($file) { + my $file_path = $file->{filepath}; + my $file_deleted = 0; + unless( -f $file_path ) { + warn "Id $file->{id} is in database but not in filesystem, removing id from database"; + $file_deleted = 1; + } else { + if(unlink $file_path) { + $file_deleted = 1; + } + } + + unless($file_deleted) { + warn "File $file_path cannot be deleted: $!"; + } + + my $dbh = C4::Context->dbh; + my $query = qq{ + DELETE FROM uploaded_files + WHERE id = ? + }; + my $sth = $dbh->prepare($query); + return $sth->execute($id); + } +} + +1; diff --git a/cataloguing/value_builder/upload.pl b/cataloguing/value_builder/upload.pl new file mode 100755 index 0000000000..0cb33f4774 --- /dev/null +++ b/cataloguing/value_builder/upload.pl @@ -0,0 +1,178 @@ +#!/usr/bin/perl + +# Copyright 2011-2012 BibLibre +# +# This file is part of Koha. +# +# Koha is free software; you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# +# Koha is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with Koha; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +use Modern::Perl; +use CGI qw/-utf8/; +use File::Basename; + +use C4::Auth; +use C4::Context; +use C4::Output; +use C4::UploadedFiles; + +my $upload_path = C4::Context->preference('uploadPath'); + +sub plugin_parameters { + my ( $dbh, $record, $tagslib, $i, $tabloop ) = @_; + return ""; +} + +sub plugin_javascript { + my ( $dbh, $record, $tagslib, $field_number, $tabloop ) = @_; + my $function_name = $field_number; + my $res = " + +"; + + return ( $function_name, $res ); +} + +sub plugin { + my ($input) = @_; + my $index = $input->param('index'); + my $id = $input->param('id'); + my $delete = $input->param('delete'); + my $uploaded_file = $input->param('uploaded_file'); + + my $template_name = ($id || $delete) + ? "upload_delete_file.tt" + : "upload.tt"; + + my ( $template, $loggedinuser, $cookie ) = get_template_and_user( + { template_name => "cataloguing/value_builder/$template_name", + query => $input, + type => "intranet", + authnotrequired => 0, + flagsrequired => { editcatalogue => '*' }, + debug => 1, + } + ); + + # Dealing with the uploaded file + if ($uploaded_file) { + my $fh = $input->upload('uploaded_file'); + my $dir = $input->param('dir'); + + $id = C4::UploadedFiles::UploadFile($uploaded_file, $dir, $fh->handle); + if($id) { + my $OPACBaseURL = C4::Context->preference('OPACBaseURL'); + $OPACBaseURL =~ s#/$##; + my $return = "$OPACBaseURL/cgi-bin/koha/opac-retrieve-file.pl?id=$id"; + $template->param( + success => 1, + return => $return, + uploaded_file => $uploaded_file, + ); + } else { + $template->param(error => 1); + } + } elsif ($delete || $id) { + # If there's already a file uploaded for this field, + # We handle its deletion + if ($delete) { + if(C4::UploadedFiles::DelUploadedFile($id)) {; + $template->param(success => 1); + } else { + $template->param(error => 1); + } + } + } else { + my $filefield = CGI::filefield( + -name => 'uploaded_file', + -size => 50, + ); + + my $dirs_tree = [ { + name => '/', + value => '/', + dirs => finddirs($upload_path) + } ]; + + $template->param( + dirs_tree => $dirs_tree, + filefield => $filefield + ); + } + + $template->param( + index => $index, + id => $id + ); + + output_html_with_http_headers $input, $cookie, $template->output; +} + +# Build a hierarchy of directories +sub finddirs { + my $base = shift || $upload_path; + my $found = 0; + my @dirs; + my @files = <$base/*>; + foreach (@files) { + if (-d $_ and -w $_) { + my $lastdirname = basename($_); + my $dirname = $_; + $dirname =~ s/^$upload_path//g; + push @dirs, { + value => $dirname, + name => $lastdirname, + dirs => finddirs($_) + }; + $found = 1; + }; + } + return \@dirs; +} + +1; + + +__END__ + +=head1 upload.pl + +This plugin allow to upload files on the server and reference it in a marc +field. + +Two system preference are used: + +=over 4 + +=item * uploadPath: the real absolute path where files will be stored + +=item * OPACBaseURL: for building URLs to be stored in MARC + +=back diff --git a/installer/data/mysql/kohastructure.sql b/installer/data/mysql/kohastructure.sql index 2409bc2b87..269531a5d5 100644 --- a/installer/data/mysql/kohastructure.sql +++ b/installer/data/mysql/kohastructure.sql @@ -3360,6 +3360,17 @@ CREATE TABLE IF NOT EXISTS `borrower_modifications` ( KEY `borrowernumber` (`borrowernumber`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; +-- +-- Table structure for table uploaded_files +-- + +DROP TABLE IF EXISTS uploaded_files +CREATE TABLE uploaded_files ( + id CHAR(40) NOT NULL PRIMARY KEY, + filename TEXT NOT NULL, + dir TEXT NOT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + -- -- Table structure for table linktracker -- This stores clicks to external links diff --git a/installer/data/mysql/sysprefs.sql b/installer/data/mysql/sysprefs.sql index 3c7bcc0a17..1a0b2a0319 100644 --- a/installer/data/mysql/sysprefs.sql +++ b/installer/data/mysql/sysprefs.sql @@ -451,6 +451,7 @@ INSERT INTO systempreferences ( `variable`, `value`, `options`, `explanation`, ` ('UniqueItemFields','barcode','','Space-separated list of fields that should be unique (used in acquisition module for item creation). Fields must be valid SQL column names of items table','Free'), ('UpdateNotForLoanStatusOnCheckin', '', 'NULL', 'This is a list of value pairs. When an item is checked in, if the not for loan value on the left matches the items not for loan value it will be updated to the right-hand value. E.g. ''-1: 0'' will cause an item that was set to ''Ordered'' to now be available for loan. Each pair of values should be on a separate line.', 'Free'), ('UpdateTotalIssuesOnCirc','0',NULL,'Whether to update the totalissues field in the biblio on each circ.','YesNo'), +('uploadPath','',NULL,'Sets the upload path for the upload.pl plugin. For security reasons, the upload path MUST NOT be a public, webserver accessible directory.','Free') ('uppercasesurnames','0',NULL,'If ON, surnames are converted to upper case in patron entry form','YesNo'), ('URLLinkText','',NULL,'Text to display as the link anchor in the OPAC','free'), ('UsageStats', 0, NULL, 'Share anonymous usage data on the Hea Koha community website.', 'YesNo'), diff --git a/installer/data/mysql/updatedatabase.pl b/installer/data/mysql/updatedatabase.pl index 4e5be13830..705b4bcdc2 100755 --- a/installer/data/mysql/updatedatabase.pl +++ b/installer/data/mysql/updatedatabase.pl @@ -10726,6 +10726,27 @@ if ( CheckVersion($DBversion) ) { SetVersion($DBversion); } +$DBversion = "XXX"; +if ( CheckVersion($DBversion) ) { + $dbh->do(" + INSERT IGNORE INTO systempreferences (variable,value,explanation,options,type) + VALUES('uploadPath','','Sets the upload path for the upload.pl plugin','',''); + "); + + $dbh->do(" + CREATE TABLE uploaded_files ( + id CHAR(40) NOT NULL PRIMARY KEY, + filename TEXT NOT NULL, + dir TEXT NOT NULL + ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + "); + + print "Upgrade to $DBversion done (Bug 6874: New cataloging plugin upload.pl)\n"; + print "This plugin comes with a new syspref (uploadPath) and a new table (uploaded_files)\n"; + print "To use it, set 'uploadPath' and 'OPACBaseURL' system preferences and link this plugin to a subfield (856\$u for instance)\n"; + SetVersion($DBversion); +} + # DEVELOPER PROCESS, search for anything to execute in the db_update directory # SEE bug 13068 # if there is anything in the atomicupdate, read and execute it. diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/cataloguing.pref b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/cataloguing.pref index bc35aad8a1..e8ddf3cd92 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/cataloguing.pref +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/cataloguing.pref @@ -125,6 +125,10 @@ Cataloging: - 'MARC21: "952$a 952$b 952$c"' - Note that the FA framework is excluded from the permission. - If the pref is empty, no fields are restricted. + - + - Absolute path where to store files uploaded in MARC record (plugin upload.pl) + - pref: uploadPath + class: multi Display: - - 'Separate multiple displayed authors, series or subjects with ' diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/value_builder/upload.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/value_builder/upload.tt new file mode 100644 index 0000000000..4fae58a7e2 --- /dev/null +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/value_builder/upload.tt @@ -0,0 +1,71 @@ + + + + Upload plugin + + + + + + +[% IF ( success ) %] + + + + + The file [% uploaded_file | html %] has been successfully uploaded. +

+ +[% ELSE %] + + [% IF ( error ) %] +

Error: Failed to upload file. See logs for details.

+ + [% ELSE %] + [%# This block display recursively a directory tree in variable 'dirs' %] + [% BLOCK list_dirs %] + [% IF dirs.size %] + + [% END %] + [% END %] + +

Please select the file to upload :

+
+ [% filefield %] +

Choose where to upload file

+ [% INCLUDE list_dirs dirs = dirs_tree %] + + + +
+ [% END %] + +[% END %] + + + diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/value_builder/upload_delete_file.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/value_builder/upload_delete_file.tt new file mode 100644 index 0000000000..7817bbedd4 --- /dev/null +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/value_builder/upload_delete_file.tt @@ -0,0 +1,60 @@ + + + + Upload plugin + + + + + + + +[% IF ( success ) %] + + + +

The file has been successfully deleted.

+ + + + +[% ELSE %] + + [% IF ( error ) %] + Error: Unable to delete the file. +

+ [% ELSE %] +

File deletion

+

A file has already been uploaded for this field. Do you want to delete it?

+
+ + + + + + +
+ [% END %] + +[% END %] + + + diff --git a/opac/opac-retrieve-file.pl b/opac/opac-retrieve-file.pl new file mode 100755 index 0000000000..ddbf1ac574 --- /dev/null +++ b/opac/opac-retrieve-file.pl @@ -0,0 +1,47 @@ +#!/usr/bin/perl + +# Copyright 2011-2012 BibLibre +# +# This file is part of Koha. +# +# Koha is free software; you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# +# Koha is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with Koha; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +use Modern::Perl; +use CGI; + +use C4::Context; +use C4::UploadedFiles; + +my $input = new CGI; + +my $id = $input->param('id'); +my $file = C4::UploadedFiles::GetUploadedFile($id); +exit 1 if not $file; + +my $file_path = $file->{filepath}; + +if( -f $file_path ) { + open FH, '<', $file_path or die "Can't open file: $!"; + print $input->header( + -type => "application/octet-stream", + -attachment => $file->{filename} + ); + while() { + print $_; + } +} else { + exit 1; +} + +exit 0;