Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/tools/upload-file.pl
Alex Arnaud 2fcc02321f Bug 13663: Fix permissions in upload-file.pl and upload-file-progress.pl 
Test plan:
Verify that the circulate_remaining_permissions perm is enough to upload
.koc file.

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-08-07 15:18:44 -03:00

95 lines
3 KiB
Perl
Executable file
Raw Blame History

#!/usr/bin/perl
# Copyright (C) 2007 LibLime
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use strict;
#use warnings; FIXME - Bug 2505
# standard or CPAN modules used
use IO::File;
use CGI qw ( -utf8 );
use CGI::Session;
use C4::Context;
use C4::Auth qw/check_cookie_auth haspermission/;
use CGI::Cookie; # need to check cookies before
# having CGI parse the POST request
use C4::UploadedFile;
# upload-file.pl must authenticate the user
# before processing the POST request,
# and quickly bounce if the user is
# not authorized. Consequently, unlike
# most of the other CGI scripts, upload-file.pl
# requires that the session cookie already
# have been created.
my $flags_required = [
{circulate => 'circulate_remaining_permissions'},
{tools => 'stage_marc_import'},
{tools => 'upload_local_cover_images'}
];
my %cookies = fetch CGI::Cookie;
my $auth_failure = 1;
my ($auth_status, $sessionID) = check_cookie_auth($cookies{'CGISESSID'}->value);
foreach my $flag_required (@{ $flags_required}) {
if (my $flags = haspermission(C4::Context->config('user'), $flag_required)) {
$auth_failure = 0 if $auth_status eq 'ok';
}
}
if ($auth_failure) {
$auth_status = 'denied' if $auth_status eq 'failed';
send_reply($auth_status, "");
exit 0;
}
our $uploaded_file = C4::UploadedFile->new($sessionID);
unless (defined $uploaded_file) {
# FIXME - failed to create file for some reason
send_reply('failed', '');
exit 0;
}
$uploaded_file->max_size($ENV{'CONTENT_LENGTH'}); # may not be the file size, exactly
my $query;
$query = new CGI \&upload_hook;
$uploaded_file->done();
send_reply('done', $uploaded_file->id());
# FIXME - if possible, trap signal caused by user cancelling upload
# FIXME - something is wrong during cleanup: \t(in cleanup) Can't call method "commit" on unblessed reference at /usr/local/share/perl/5.8.8/CGI/Session/Driver/DBI.pm line 130 during global destruction.
exit 0;
sub upload_hook {
my ($file_name, $buffer, $bytes_read, $session) = @_;
$uploaded_file->stash(\$buffer, $bytes_read);
if ( ! $uploaded_file->name && $file_name ) { # save name on first chunk
$uploaded_file->name($file_name);
}
}
sub send_reply {
my ($upload_status, $fileid) = @_;
my $reply = CGI->new("");
print $reply->header(-type => 'text/html');
# response will be sent back as JSON
print '{"status":"' . $upload_status . '","fileid":"' . $fileid . '"}';
}
View git blame Copy permalink