Commit graph

13 commits

Author SHA1 Message Date
Jared Camins-Esakov
35b6a5ea11 Bug 3652: close XSS vulnerabilities in opac-export
The opac-export.pl script had a number of XSS vulnerabilities relating
to its error handling.

To test:
1) Go to /cgi-bin/koha/opac-export.pl?op=export&bib=2&format=<h2>evil</h2>
   (substituting a valid biblionumber for the '2')
2) Notice that "evil" is rendered as an h2 heading.
3) Apply patch.
4) Notice that you now see the h2 tags, and they are not rendered by
   the browser.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-10-24 15:40:18 +02:00
Jared Camins-Esakov
6378436089 Bug 7345: Enable exporting records sans private fields
Add an option for marcstd to the opac-export.pl and catalogue/export.pl
scripts. This new format removes all 9XX, X9X, XX9 fields and subfield $9
(with the exception of 490 in flavours of MARC other than UNIMARC). The work is
done in C4::Record::marc2marc.

This patch adds the new export option 'marcstd' for exporting MARC
records without 9xx, x9x and xx9 fields and subfields to the staff
detail page.

Testing plan:
1. Export a record in "MARC (Unicode/UTF-8)" format as a control
2. In the OPAC, run the following jQuery to add the marcstd option to the UI:
> $("#export #format").append("<option value='marcstd'>MARC (no 9xx)</option>");
3. Export the same record in "MARC (no 9xx)" format
4. Compare the two, noticing that any subfield $9 or fields including 9 (other
   than 490 in flavours of MARC other than UNIMARC) have been removed

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Works as advertised now.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This patch squashes both the original patch and Katrin's follow-up adding
marcstd as an export option on the staff client.

Feb 13, 2012 (marcel): Amended this patch to resolve two definitions of $error in catalogue/export script.
2012-02-13 11:32:18 +01:00
Chris Cormack
93d4c90a68 Bug 4330: Wrong address for Free Software Foundation
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2011-11-24 14:15:55 +01:00
Steven Callender
a2a9bc5220 Bug 6822: fix RIS export from OPAC
Prior to this patch, RIS export was producing
effectively empty output.

Signed-off-by: Steven Callender <stevecallender@esilibrary.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-09-01 21:39:10 +12:00
223156ea74 6747 Checks in opac-export
Added check on returned marc. If record does not exist, generate 404. (Prevents 500 errors by Googlebot on deleted records.)
Fixed typo, whitespace. Removed if on op=export. Added check on format.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-08-27 07:09:42 +12:00
Matthias Meusburger
a3ff0bb5cb bug 5579 : Fixes several exports to embed items
- The following export pages used to embed items when exporting,
    this was no longer the case, so they were fixed :
      Intranet :
        - basket/downloadcart.pl,
        - virtualshelves/downloadshelf.pl
        - catalogue/export.pl
      Opac :
        - opac/opac-downloadcart.pl
        - opac/opac-downloadshelf.pl
        - opac/opac-export.pl

  - Notes :
     - GetMarcBiblio used to embed items data, this was no longer the case,
       so an optional parameter was added to choose if items should be embedded or not.
       This way, previous work on this bug is not broken, and this is a pretty useful
       feature, imho.
     - An optional parameter has been added to SetUTF8Flag, to be able to use NFD during
       normalization. This was required to make Unicode/UTF-8 export work again.

Signed-off-by: Claire Hernandez <claire.hernandez@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-04-19 22:35:15 +12:00
Chris Cormack
58013b6c2a Bug 6040 : Adding some error handling to the opac export
Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-04-06 17:04:19 +12:00
f3dd19f2f7 Fix for Bug 4400, BIBTEX export from OPAC results in empty file
opac-export.pl tries to get two variables from marc2bibtex(),
but it only returns one.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-05-11 06:14:38 -04:00
Henri-Damien LAURENT
554c97bae7 Adding RIS and bibtex export
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-30 11:22:22 +02:00
Garry Collum
11a1c687fd Bug 2505: Enabled warnings in opac-export.pl and opac-sendbasket.pl
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-08-12 21:28:27 -04:00
Galen Charlton
4bf76c2d77 bug 2615: remove unneeded 'require Exporter'
Most Perl scripts (as opposed to modules) do
not need to require Exporter.

No user-visible or documentation changes.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2008-09-26 09:05:08 -05:00
Paul POULAIN
a502aa1c76 HTML::Template => HTML::Template::Pro
HTML::Template is no more used, some were remaining,
fixing the "use ...;" to H::T::Pro only

Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-02 14:55:55 -06:00
Joshua Ferraro
2a1587d1ce adding export feature to OPAC
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-11-20 15:59:06 -06:00