Koha/opac/opac-search-history.pl
Victor Grousset 14f8bce9ae Bug 12497: Fix OPAC search history reachable by URL even when disabled
Test plan:
1. Set EnableOpacSearchHistory syspref to "Keep"
2. Make a search in the OPAC
3. Go to /cgi-bin/koha/opac-search-history.pl
4. Set the EnableOpacSearchHistory syspref to "Don't keep"
5. Refresh the OPAC page to show that history is still accessible
6. Apply the patch
7. Refresh the OPAC page, you should end on the 404 page
8. Set EnableOpacSearchHistory syspref to "Keep"
9. Go to /cgi-bin/koha/opac-search-history.pl which should be reachable

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>
Signed-off-by: Charles Farmer <charles.farmer@inLibro.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-12-07 10:09:52 -03:00

164 lines
5.1 KiB
Perl
Executable file

#!/usr/bin/perl
# Copyright 2013 BibLibre SARL
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use C4::Auth qw(:DEFAULT get_session);
use CGI qw ( -utf8 );
use C4::Context;
use C4::Output;
use C4::Log;
use C4::Items;
use C4::Debug;
use C4::Search::History;
use URI::Escape;
use POSIX qw(strftime);
my $cgi = new CGI;
# Getting the template and auth
my ($template, $loggedinuser, $cookie) = get_template_and_user(
{
template_name => "opac-search-history.tt",
query => $cgi,
type => "opac",
authnotrequired => ( C4::Context->preference("OpacPublic") ? 1 : 0 ),
debug => 1,
}
);
unless ( C4::Context->preference("EnableOpacSearchHistory") ) {
print $cgi->redirect("/cgi-bin/koha/errors/404.pl"); # escape early
exit;
}
my $type = $cgi->param('type');
my $action = $cgi->param('action') || q{};
my $previous = $cgi->param('previous');
# If the user is not logged in, we deal with the session
unless ( $loggedinuser ) {
# Deleting search history
if ( $action eq 'delete') {
# Deleting session's search history
my @id = $cgi->multi_param('id');
my $all = not scalar( @id );
my $type = $cgi->param('type');
my @searches = ();
unless ( $all ) {
@searches = C4::Search::History::get_from_session({ cgi => $cgi });
if ( $type ) {
@searches = map { $_->{type} ne $type ? $_ : () } @searches;
}
if ( @id ) {
@searches = map { my $search = $_; ( grep {/^$search->{id}$/} @id ) ? () : $_ } @searches;
}
}
C4::Search::History::set_to_session({ cgi => $cgi, search_history => \@searches });
# Redirecting to this same url so the user won't see the search history link in the header
print $cgi->redirect(-uri => '/cgi-bin/koha/opac-search-history.pl');
# Showing search history
} else {
# Getting the searches from session
my @current_searches = C4::Search::History::get_from_session({
cgi => $cgi,
});
my @current_biblio_searches = map {
$_->{type} eq 'biblio' ? $_ : ()
} @current_searches;
my @current_authority_searches = map {
$_->{type} eq 'authority' ? $_ : ()
} @current_searches;
$template->param(
current_biblio_searches => \@current_biblio_searches,
current_authority_searches => \@current_authority_searches,
);
}
} else {
# And if the user is logged in, we deal with the database
my $dbh = C4::Context->dbh;
# Deleting search history
if ( $action eq 'delete' ) {
my @id = $cgi->multi_param('id');
if ( @id ) {
C4::Search::History::delete(
{
userid => $loggedinuser,
id => [ $cgi->param('id') ],
}
);
} else {
C4::Search::History::delete(
{
userid => $loggedinuser,
}
);
}
# Redirecting to this same url so the user won't see the search history link in the header
print $cgi->redirect(-uri => '/cgi-bin/koha/opac-search-history.pl');
# Showing search history
} else {
my $current_searches = C4::Search::History::get({
userid => $loggedinuser,
sessionid => $cgi->cookie("CGISESSID")
});
my @current_biblio_searches = map {
$_->{type} eq 'biblio' ? $_ : ()
} @$current_searches;
my @current_authority_searches = map {
$_->{type} eq 'authority' ? $_ : ()
} @$current_searches;
my $previous_searches = C4::Search::History::get({
userid => $loggedinuser,
sessionid => $cgi->cookie("CGISESSID"),
previous => 1
});
my @previous_biblio_searches = map {
$_->{type} eq 'biblio' ? $_ : ()
} @$previous_searches;
my @previous_authority_searches = map {
$_->{type} eq 'authority' ? $_ : ()
} @$previous_searches;
$template->param(
current_biblio_searches => \@current_biblio_searches,
current_authority_searches => \@current_authority_searches,
previous_biblio_searches => \@previous_biblio_searches,
previous_authority_searches => \@previous_authority_searches,
);
}
}
$template->param(searchhistoryview => 1);
output_html_with_http_headers $cgi, $cookie, $template->output, undef, { force_no_caching => 1 };