diff --git a/debian/templates/koha-conf-site.xml.in b/debian/templates/koha-conf-site.xml.in index f1f6e5af23..c35b6d8432 100644 --- a/debian/templates/koha-conf-site.xml.in +++ b/debian/templates/koha-conf-site.xml.in @@ -266,7 +266,6 @@ __END_SRU_PUBLICSERVER__ 1 __PLUGINS_DIR__ 0 - 1 __UPLOAD_PATH__ __TMP_PATH__ /usr/share/koha/intranet/cgi-bin @@ -409,6 +408,7 @@ __END_SRU_PUBLICSERVER__ developers use it to catch bugs related to strict SQL modes --> 0 0 + 1 0 - 1 __INTRANET_CGI_DIR__ @@ -226,8 +225,8 @@ developers use it to catch bugs related to strict SQL modes --> 0 0 + 1 - diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/plugins/plugins-disabled.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/plugins/plugins-disabled.tt index f8d7d38b04..4199c84dbb 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/plugins/plugins-disabled.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/plugins/plugins-disabled.tt @@ -29,9 +29,9 @@
- [% IF ( browser_upload_enabled.defined ) && ( browser_upload_enabled == 0 ) %] -

Plugin browser upload disabled

-

To enable Koha plugin browser upload, the flag enable_plugin_browser_upload must be set in the Koha configuration file

+ [% IF ( plugins_restricted.defined ) && ( plugins_restricted == 1 ) %] +

Plugin upload is restricted to only those plugins listed by your server administrator

+

To enable unrestricted plugin uploads, ask your administrator to unset plugins_restricted in the Koha configuration file

[% ELSE %]

Plugins disabled

To enable Koha plugins, the flag enable_plugins must be set in the Koha configuration file

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/plugins/plugins-home.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/plugins/plugins-home.tt index a703437b6e..ce9d9c5ce2 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/plugins/plugins-home.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/plugins/plugins-home.tt @@ -46,7 +46,7 @@ [% IF ( CAN_user_plugins_manage ) %]
- [% IF ( enable_browser_upload ) %] + [% IF ( !plugins_restricted ) %] Upload plugin [% END %] @@ -90,9 +90,7 @@ Description Organization Latest version - [% IF ( enable_browser_upload ) %]   - [% END %] @@ -102,9 +100,7 @@ [% sr.result.description | html %] [% sr.repo.name | html %] [% sr.result.tag_name | html %] - [% IF ( enable_browser_upload ) %] Install - [% END %] [% END %] @@ -220,9 +216,7 @@ [% END %] [% END %] [% IF ( CAN_user_plugins_manage ) %] - [% IF ( enable_browser_upload ) %]
  • Uninstall
  • - [% END %] [% IF ( plugin.is_enabled ) %]
  • Disable
  • [% ELSE %] diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/plugins/plugins-upload.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/plugins/plugins-upload.tt index 3756de7f78..b7b2ab8939 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/plugins/plugins-upload.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/plugins/plugins-upload.tt @@ -39,6 +39,7 @@ [% ELSIF ( ERROR.EMPTYUPLOAD ) %]
  • The upload file appears to be empty.
  • [% ELSIF ( ERROR.UZIPFAIL ) %]
  • [% ERROR.UZIPFAIL | html %] failed to unpack.
    Please verify the integrity of the zip file and retry.
  • [% ELSIF ( ERROR.NOWRITEPLUGINS ) %]
  • Cannot unpack file to the plugins directory.
    Please verify that the Apache user can write to the plugins directory.
  • + [% ELSIF ( ERROR.RESTRICTED ) %]
  • Cannot install plugin from unknown source whilst plugins_restricted is enabled.
  • [% ELSE %]
  • [% ERROR.CORERR | html %] An unknown error has occurred.
    Please review the error log for more details.
  • [% END %] [% END %]
    diff --git a/plugins/plugins-home.pl b/plugins/plugins-home.pl index 4b76299535..95dd79231a 100755 --- a/plugins/plugins-home.pl +++ b/plugins/plugins-home.pl @@ -59,7 +59,7 @@ if ($plugins_enabled) { ); $template->param( plugins => \@plugins, ); - $template->param( enable_browser_upload => C4::Context->config('enable_plugin_browser_upload') ); + $template->param( plugins_restricted => C4::Context->config('plugins_restricted') ); $template->param( can_search => C4::Context->config('plugin_repos') ? 1 : 0 ); my @results; diff --git a/plugins/plugins-uninstall.pl b/plugins/plugins-uninstall.pl index 50ee3490c3..c797af16c3 100755 --- a/plugins/plugins-uninstall.pl +++ b/plugins/plugins-uninstall.pl @@ -38,10 +38,9 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user( } ); -my $browser_upload_enabled = C4::Context->config('enable_plugin_browser_upload'); my $class = $input->param('class'); -if ( $browser_upload_enabled && $class ) { +if ( $class ) { Koha::Plugins::Handler->delete( { class => $class } ); } diff --git a/plugins/plugins-upload.pl b/plugins/plugins-upload.pl index 1fe6b3b041..cfc833fcf4 100755 --- a/plugins/plugins-upload.pl +++ b/plugins/plugins-upload.pl 
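Review bot: In plugins-uninstall.pl the new guard `if ( $class )` no longer depends on any configuration flag and does not consult `plugins_restricted`, so a request carrying a `class` parameter goes straight to `Koha::Plugins::Handler->delete`. If uninstall is meant to stay available in restricted mode, say so with a comment such as `# Uninstall is allowed even when plugins_restricted is set; only installs are limited`; otherwise guard it with `if ( $class && !C4::Context->config('plugins_restricted') )`. `$class` comes directly from the request, and nothing in this hunk shows it being checked against the installed plugins or the request being limited to a CSRF-protected POST; confirm both are enforced in code outside the hunk.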
@@ -20,31 +20,36 @@ use Modern::Perl; use Archive::Extract; use CGI qw ( -utf8 ); +use List::Util qw( any ); use Mojo::UserAgent; use File::Temp; use C4::Context; -use C4::Auth qw( get_template_and_user ); +use C4::Auth qw( get_template_and_user ); use C4::Output qw( output_html_with_http_headers ); use C4::Members; use Koha::Logger; use Koha::Plugins; -my $plugins_enabled = C4::Context->config("enable_plugins"); -my $browser_upload_enabled = C4::Context->config('enable_plugin_browser_upload'); +my $plugins_enabled = C4::Context->config("enable_plugins"); +my $plugins_restricted = C4::Context->config("plugins_restricted"); my $input = CGI->new; my ( $template, $loggedinuser, $cookie ) = get_template_and_user( - { template_name => ($plugins_enabled && $browser_upload_enabled) ? "plugins/plugins-upload.tt" : "plugins/plugins-disabled.tt", + { + template_name => $plugins_enabled ? "plugins/plugins-upload.tt" : "plugins/plugins-disabled.tt", query => $input, type => "intranet", - flagsrequired => { plugins => 'manage' }, + flagsrequired => { plugins => 'manage' }, } ); -if ($plugins_enabled){ - $template->param( browser_upload_enabled => $browser_upload_enabled ); +if ($plugins_enabled) { + $template->param( plugins_restricted => $plugins_restricted ); +} else { + # Exit early if uploads are not enabled + output_html_with_http_headers $input, $cookie, $template->output; } my $uploadfilename = $input->param('uploadfile'); @@ -56,7 +61,7 @@ my ( $tempfile, $tfh ); my %errors; -if ($plugins_enabled && $browser_upload_enabled) { +if ($plugins_enabled) { if ( ( $op eq 'Upload' ) && ( $uploadfile || $uploadlocation ) ) { my $plugins_dir = C4::Context->config("pluginsdir"); $plugins_dir = ref($plugins_dir) eq 'ARRAY' ? $plugins_dir->[0] : $plugins_dir; 
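Review bot: The `else` branch added after `get_template_and_user` in plugins-upload.pl is commented "Exit early if uploads are not enabled", but it only calls `output_html_with_http_headers` and then falls through, so the script still goes on to read `uploadfile` and the other request parameters with plugins disabled. The later `if ($plugins_enabled)` keeps the upload code itself from running, but any output call in the part of the script outside this hunk would emit the page a second time; add `exit;` directly after the output line. The comment should also read "plugins are not enabled", because this branch tests `enable_plugins` and the separate upload flag no longer exists.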
@@ -67,22 +72,39 @@ if ($plugins_enabled && $browser_upload_enabled) { $filesuffix = $1 if $uploadfilename =~ m/(\..+)$/i; ( $tfh, $tempfile ) = File::Temp::tempfile( SUFFIX => $filesuffix, UNLINK => 1 ); - $errors{'NOTKPZ'} = 1 if ( $uploadfilename !~ /\.kpz$/i ); + $errors{'NOTKPZ'} = 1 if ( $uploadfilename !~ /\.kpz$/i ); $errors{'NOWRITETEMP'} = 1 unless ( -w $dirname ); $errors{'NOWRITEPLUGINS'} = 1 unless ( -w $plugins_dir ); - if ( $uploadlocation ) { - my $ua = Mojo::UserAgent->new(max_redirects => 5); - my $tx = $ua->get($uploadlocation); - $tx->result->content->asset->move_to($tempfile); + if ($uploadlocation) { + my $do_get = 1; + if ( $plugins_restricted ) { + my $repos = C4::Context->config('plugin_repos'); + + # Fix data structure if only one repo defined + if ( ref($repos->{repo}) eq 'HASH' ) { + $repos = { repo => [ $repos->{repo} ] }; + } + + $do_get = any { index($uploadlocation, $_->{org_name}) != -1 } @{ $repos->{repo} }; + } + + if ( $do_get ) { + my $ua = Mojo::UserAgent->new( max_redirects => 5 ); + my $tx = $ua->get($uploadlocation); + $tx->result->content->asset->move_to($tempfile); + } else { + $errors{'RESTRICTED'} = 1; + } } else { - $errors{'EMPTYUPLOAD'} = 1 unless ( length($uploadfile) > 0 ); + $errors{'RESTRICTED'} = 1 unless ( !$plugins_restricted ); + $errors{'EMPTYUPLOAD'} = 1 unless ( length($uploadfile) > 0 ); } if (%errors) { $template->param( ERRORS => [ \%errors ] ); } else { - if ( $uploadfile ) { + if ($uploadfile && !$plugins_restricted) { while (<$uploadfile>) { print $tfh $_; } @@ -104,7 +126,7 @@ if ($plugins_enabled && $browser_upload_enabled) { warn "Problem uploading file or no file uploaded."; } - if ( ($uploadfile || $uploadlocation) && !%errors && !$template->param('ERRORS') ) { + if ( ( $uploadfile || $uploadlocation ) && !%errors && !$template->param('ERRORS') ) { print $input->redirect("/cgi-bin/koha/plugins/plugins-home.pl"); } else { output_html_with_http_headers $input, $cookie, $template->output;
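Review bot: The restricted-mode check `index($uploadlocation, $_->{org_name}) != -1` accepts any URL that contains a configured org name anywhere in the string, including in a path or query on an unrelated host, so it does not pin downloads to the listed repositories. The fetched file is presumably installed as plugin code and the client follows up to five redirects, so the check should compare parsed URL components against the configuration, and the final location after redirects should be re-checked or redirects limited. `@{ $repos->{repo} }` is also dereferenced without checking that `plugin_repos` is configured, which looks like it would fail when `plugins_restricted` is set on its own; confirm and default to an empty list. In the direct-upload branch `unless ( !$plugins_restricted )` reads more clearly as `if $plugins_restricted`. The enclosing `if ($plugins_enabled)` block starts and ends outside this hunk.

```perl
if ($plugins_restricted) {
    # … unchanged: load plugin_repos and normalise a single repo to a list …

    # Compare parsed components instead of searching the raw string.
    # $allowed_host is a placeholder for the host of the configured repo service.
    my $url   = Mojo::URL->new($uploadlocation);
    my $owner = $url->path->parts->[0] // '';
    $do_get =
           ( $url->scheme // '' ) eq 'https'
        && ( $url->host   // '' ) eq $allowed_host
        && any { $owner eq $_->{org_name} } @{ $repos->{repo} // [] };
}
```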