Browse Source
This script is no longer used, and in addition has problematic
handling of its parameters that could lead to writing to
arbitrary files on the server.
To test:
[1] Verify that member-picupload.pl is no longer referred
to in the codebase after applying this patch.
[2] Verify that there are no regressions in patron
photo management.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Found no regressions in removing this script.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
3.16.x
Galen Charlton
10 years ago
1 changed files with 0 additions and 77 deletions
@ -1,77 +0,0 @@ |
|||
#!/usr/bin/perl |
|||
|
|||
|
|||
# script to upload a picture to a borrowerimages directory. |
|||
# checks to see if its either displaying the upload form |
|||
# or doing the actual upload. |
|||
# written by Waylon Robertson (genjimoto@sourceforge) 2005/08/22 |
|||
|
|||
|
|||
# Copyright 2000-2002 Katipo Communications |
|||
# |
|||
# This file is part of Koha. |
|||
# |
|||
# Koha is free software; you can redistribute it and/or modify it under the |
|||
# terms of the GNU General Public License as published by the Free Software |
|||
# Foundation; either version 2 of the License, or (at your option) any later |
|||
# version. |
|||
# |
|||
# Koha is distributed in the hope that it will be useful, but WITHOUT ANY |
|||
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR |
|||
# A PARTICULAR PURPOSE. See the GNU General Public License for more details. |
|||
# |
|||
# You should have received a copy of the GNU General Public License along |
|||
# with Koha; if not, write to the Free Software Foundation, Inc., |
|||
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
|||
|
|||
use strict; |
|||
use warnings; |
|||
|
|||
use C4::Auth; |
|||
use C4::Context; |
|||
use C4::Output; |
|||
use CGI; |
|||
|
|||
|
|||
my $input = new CGI; |
|||
my $name = $input->param('name'); |
|||
my $borrowernumber = $input->param('borrowernumber'); |
|||
my $photo = $input->param('photo'); |
|||
|
|||
my $template_name; |
|||
my $htdocs = C4::Context->config('intrahtdocs'); |
|||
my $upload_dir = $htdocs."/borrowerimages"; |
|||
if($photo eq ""){ |
|||
$template_name = "members/member-picupload.tmpl"; |
|||
} else { |
|||
$template_name = "members/moremember.tmpl"; |
|||
} |
|||
|
|||
my ($template, $loggedinuser, $cookie) |
|||
= get_template_and_user({template_name => $template_name, |
|||
query => $input, |
|||
type => "intranet", |
|||
authnotrequired => 0, |
|||
flagsrequired => {borrowers => 1}, |
|||
debug => 1, |
|||
}); |
|||
if ($photo){ |
|||
|
|||
my $filename=$borrowernumber.'.jpg'; |
|||
my $upload_filehandle = $input->upload("photo"); |
|||
open (my $upload_fh, '>', "$upload_dir/$filename"); |
|||
binmode $upload_fh; |
|||
while ( <$upload_filehandle> ) |
|||
{ |
|||
print $upload_fh; |
|||
} |
|||
close $upload_fh; |
|||
} |
|||
else { |
|||
$template->param( |
|||
borrowernumber => $borrowernumber, |
|||
name => $name |
|||
); |
|||
output_html_with_http_headers $input, $cookie, $template->output; |
|||
} |
|||
print $input->redirect("http://intranet/cgi-bin/koha/members/moremember.pl?borrowernumber=$borrowernumber"); |
|||
Loading…
Reference in new issue