Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/opac/sco/sco-patron-image.pl
Nicholas can Oudtshoorn 30f0e7fec9 Bug 14407: Allow restricting SCO to IP or IP range 
Converted this to actual applicable patches.
I think the test plan is comment #28. -- Mark Tompsett

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-05-10 11:39:50 +00:00

74 lines
2.3 KiB
Perl
Executable file
Raw Blame History

#!/usr/bin/perl
#
# Copyright 2009 LibLime
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use C4::Auth qw(in_ipset);
use C4::Service;
use C4::Members;
use Koha::Patron::Images;
use Koha::Patrons;
use Koha::Token;
my ( $query, $response ) = C4::Service->init( self_check => 'self_checkout_module' );
unless (C4::Context->preference('WebBasedSelfCheck')) {
print $query->header(status => '403 Forbidden - web-based self-check not enabled');
exit;
}
unless (C4::Context->preference('ShowPatronImageInWebBasedSelfCheck')) {
print $query->header(status => '403 Forbidden - displaying patron images in self-check not enabled');
exit;
}
unless ( in_ipset(C4::Context->preference('SelfCheckAllowByIPRanges')) ) {
print $query->header(status => '403 Forbidden - functionality not available from your location');
exit;
}
my ($borrowernumber) = C4::Service->require_params('borrowernumber');
my ($csrf_token) = C4::Service->require_params('csrf_token');
my $patron = Koha::Patrons->find( $borrowernumber );
my $patron_image = $patron->image;
if ($patron_image) {
unless (
Koha::Token->new->check_csrf(
{
session_id => scalar $query->cookie('CGISESSID')
. $patron->cardnumber,
id => $patron->userid,
token => $csrf_token,
}
)
)
{
print $query->header(-type => 'text/plain', -status => '403 Forbidden');
exit;
}
print $query->header(
-type => $patron_image->mimetype,
-Content_Length => length( $patron_image->imagefile )
),
$patron_image->imagefile;
} else {
print $query->header(status => '404 patron image not found');
}
View git blame Copy permalink