Jonathan Druart
8edb7f6fb9
From the pod of Digest::MD5:
"""
Since the MD5 algorithm is only defined for strings of bytes, it can not
be used on strings that contains chars with ordinal number above 255
(Unicode strings). The MD5 functions and methods will croak if you try
to feed them such input data.
What you can do is calculate the MD5 checksum of the UTF-8
representation of such strings.
"""
Test plan:
- Set a MySQL/MariaDB password with unicode characters:
UPDATE user SET password=PASSWORD('❤') WHERE USER='koha_kohadev';
FLUSH PRIVILEGES
- Update your $KOHA_CONF file
- Restart Memcached
- Hit the files modified by this patch
=> Without this patch, you will get a software error (with "Wide
character in subroutine entry" in the logs).
=> With this patch, everything will go fine
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Edit: removed debugging leftover
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
173 lines
6.5 KiB
Perl
Executable file
173 lines
6.5 KiB
Perl
Executable file
#!/usr/bin/perl
|
|
|
|
#script to delete items
|
|
#written 2/5/00
|
|
#by chris@katipo.co.nz
|
|
|
|
# Copyright 2000-2002 Katipo Communications
|
|
#
|
|
# This file is part of Koha.
|
|
#
|
|
# Koha is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation; either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# Koha is distributed in the hope that it will be useful, but
|
|
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with Koha; if not, see <http://www.gnu.org/licenses>.
|
|
|
|
use strict;
|
|
#use warnings; FIXME - Bug 2505
|
|
|
|
use CGI qw ( -utf8 );
|
|
use Digest::MD5 qw(md5_base64);
|
|
use Encode qw( encode );
|
|
use C4::Context;
|
|
use C4::Output;
|
|
use C4::Auth;
|
|
use C4::Members;
|
|
use Module::Load;
|
|
use Koha::Patrons;
|
|
use Koha::Patron::Images;
|
|
use Koha::Token;
|
|
|
|
if ( C4::Context->preference('NorwegianPatronDBEnable') && C4::Context->preference('NorwegianPatronDBEnable') == 1 ) {
|
|
load Koha::NorwegianPatronDB, qw( NLMarkForDeletion NLSync );
|
|
}
|
|
|
|
my $input = new CGI;
|
|
|
|
my ($template, $borrowernumber, $cookie)
|
|
= get_template_and_user({template_name => "members/deletemem.tt",
|
|
query => $input,
|
|
type => "intranet",
|
|
authnotrequired => 0,
|
|
flagsrequired => {borrowers => 1},
|
|
debug => 1,
|
|
});
|
|
|
|
#print $input->header;
|
|
my $member = $input->param('member');
|
|
|
|
#Do not delete yourself...
|
|
if ($borrowernumber == $member ) {
|
|
print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_YOURSELF");
|
|
exit 0; # Exit without error
|
|
}
|
|
|
|
# Handle deletion from the Norwegian national patron database, if it is enabled
|
|
# If the "deletelocal" parameter is set to "false", the regular deletion will be
|
|
# short circuited, and only a deletion from the national database can be carried
|
|
# out. If "deletelocal" is set to "true", or not set to anything normal
|
|
# deletion will be done.
|
|
my $deletelocal = $input->param('deletelocal') eq 'false' ? 0 : 1; # Deleting locally is the default
|
|
if ( C4::Context->preference('NorwegianPatronDBEnable') && C4::Context->preference('NorwegianPatronDBEnable') == 1 ) {
|
|
if ( $input->param('deleteremote') eq 'true' ) {
|
|
# Mark for deletion, then try a live sync
|
|
NLMarkForDeletion( $member );
|
|
NLSync({ 'borrowernumber' => $member });
|
|
}
|
|
}
|
|
|
|
my $issues = GetPendingIssues($member); # FIXME: wasteful call when really, we only want the count
|
|
my $countissues = scalar(@$issues);
|
|
|
|
my ($bor)=GetMemberDetails($member,'');
|
|
my $flags=$bor->{flags};
|
|
my $userenv = C4::Context->userenv;
|
|
|
|
|
|
|
|
if ($bor->{category_type} eq "S") {
|
|
unless(C4::Auth::haspermission($userenv->{'id'},{'staffaccess'=>1})) {
|
|
print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_STAFF");
|
|
exit 0; # Exit without error
|
|
}
|
|
} else {
|
|
unless(C4::Auth::haspermission($userenv->{'id'},{'borrowers'=>1})) {
|
|
print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE");
|
|
exit 0; # Exit without error
|
|
}
|
|
}
|
|
|
|
if (C4::Context->preference("IndependentBranches")) {
|
|
my $userenv = C4::Context->userenv;
|
|
if ( !C4::Context->IsSuperLibrarian() && $bor->{'branchcode'}){
|
|
unless ($userenv->{branch} eq $bor->{'branchcode'}){
|
|
print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_OTHERLIBRARY");
|
|
exit 0; # Exit without error
|
|
}
|
|
}
|
|
}
|
|
|
|
my $op = $input->param('op') || 'delete_confirm';
|
|
my $dbh = C4::Context->dbh;
|
|
my $is_guarantor = $dbh->selectrow_array("SELECT COUNT(*) FROM borrowers WHERE guarantorid=?", undef, $member);
|
|
if ( $op eq 'delete_confirm' or $countissues > 0 or $flags->{'CHARGES'} or $is_guarantor or $deletelocal == 0) {
|
|
my $patron_image = Koha::Patron::Images->find($bor->{borrowernumber});
|
|
$template->param( picture => 1 ) if $patron_image;
|
|
|
|
$template->param(borrowernumber => $member,
|
|
surname => $bor->{'surname'},
|
|
title => $bor->{'title'},
|
|
cardnumber => $bor->{'cardnumber'},
|
|
firstname => $bor->{'firstname'},
|
|
categorycode => $bor->{'categorycode'},
|
|
category_type => $bor->{'category_type'},
|
|
categoryname => $bor->{'description'},
|
|
address => $bor->{'address'},
|
|
address2 => $bor->{'address2'},
|
|
city => $bor->{'city'},
|
|
zipcode => $bor->{'zipcode'},
|
|
country => $bor->{'country'},
|
|
phone => $bor->{'phone'},
|
|
email => $bor->{'email'},
|
|
branchcode => $bor->{'branchcode'},
|
|
activeBorrowerRelationship => (C4::Context->preference('borrowerRelationship') ne ''),
|
|
RoutingSerials => C4::Context->preference('RoutingSerials'),
|
|
);
|
|
if ($countissues >0) {
|
|
$template->param(ItemsOnIssues => $countissues);
|
|
}
|
|
if ($flags->{'CHARGES'} ne '') {
|
|
$template->param(charges => $flags->{'CHARGES'}->{'amount'});
|
|
}
|
|
if ($is_guarantor) {
|
|
$template->param(guarantees => 1);
|
|
}
|
|
if ($deletelocal == 0) {
|
|
$template->param(keeplocal => 1);
|
|
}
|
|
# This is silly written but reflect the same conditions as above
|
|
if ( not $countissues > 0 and not $flags->{CHARGES} ne '' and not $is_guarantor and not $deletelocal == 0 ) {
|
|
$template->param(
|
|
op => 'delete_confirm',
|
|
csrf_token => Koha::Token->new->generate_csrf(
|
|
{ id => C4::Context->userenv->{id},
|
|
secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
|
|
}
|
|
),
|
|
);
|
|
}
|
|
} elsif ( $op eq 'delete_confirmed' ) {
|
|
|
|
die "Wrong CSRF token"
|
|
unless Koha::Token->new->check_csrf({
|
|
id => C4::Context->userenv->{id},
|
|
secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
|
|
token => scalar $input->param('csrf_token'),
|
|
});
|
|
my $patron = Koha::Patrons->find( $member );
|
|
$patron->move_to_deleted;
|
|
$patron->delete;
|
|
# TODO Tell the user everything went ok
|
|
print $input->redirect("/cgi-bin/koha/members/members-home.pl");
|
|
exit 0; # Exit without error
|
|
}
|
|
|
|
output_html_with_http_headers $input, $cookie, $template->output;
|