Koha/svc/bib_profile
Julian Maurice 96cc447045 Bug 25898: Prohibit indirect object notation
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-10-15 12:56:30 +02:00

129 lines
4.6 KiB
Perl
Executable file

#!/usr/bin/perl
# Copyright 2007 LibLime
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
#
use Modern::Perl;
use CGI qw ( -utf8 );
use C4::Auth qw/check_api_auth/;
use C4::Context;
use C4::Koha;
use Koha::ItemTypes;
use XML::Simple;
my $query = CGI->new;
my ($status, $cookie, $sessionID) = check_api_auth($query, { editcatalogue => 'edit_catalogue'} );
if ($status eq "ok") {
print $query->header(-type => 'text/xml', cookie => $cookie);
} else {
print $query->header(-type => 'text/xml', -status => '403 Forbidden');
print XMLout({ auth_status => $status }, NoAttr => 1, RootName => 'response', XMLDecl => 1);
exit 0;
}
my $dbh = C4::Context->dbh;
# get list of required tags
my $result = {};
$result->{'auth_status'} = $status;
_get_mandatory_tags($result);
_get_mandatory_subfields($result);
_get_reserved_tags($result);
_get_bib_number_tag($result);
_get_biblioitem_itemtypes($result);
print XMLout($result, NoAttr => 1, RootName => 'response', XMLDecl => 1,
GroupTags => {mandatory_tags => 'tag', mandatory_subfields => 'subfield', reserved_tags => 'tag',
valid_values => 'value'});
exit 0;
sub _get_mandatory_tags {
my $result = shift;
my $sth = $dbh->prepare_cached("SELECT tagfield FROM marc_tag_structure WHERE frameworkcode = '' AND mandatory = 1");
$sth->execute();
my @tags = ();
while (my $row = $sth->fetchrow_arrayref) {
push @tags, $row->[0];
}
$result->{'mandatory_tags'} = \@tags;
}
sub _get_mandatory_subfields {
my $result = shift;
my $sth = $dbh->prepare_cached("SELECT tagfield, tagsubfield
FROM marc_subfield_structure
WHERE frameworkcode = ''
AND tagsubfield <> '\@'
AND kohafield <> 'biblioitems.itemtype'
AND mandatory = 1");
$sth->execute();
my @subfields = ();
while (my $row = $sth->fetchrow_arrayref) {
push @subfields, { tag => $row->[0], subfield_label => $row->[1] };
}
$result->{'mandatory_subfields'} = \@subfields;
}
sub _get_reserved_tags {
my $result = shift;
my $sth = $dbh->prepare_cached("SELECT DISTINCT tagfield
FROM marc_subfield_structure
WHERE frameworkcode = ''
AND (kohafield = 'items.itemnumber' OR kohafield = 'biblioitems.itemtype' OR
kohafield = 'biblio.biblionumber')");
$sth->execute();
my @tags = ();
while (my $row = $sth->fetchrow_arrayref) {
push @tags, $row->[0];
}
$result->{'reserved_tags'} = \@tags;
}
sub _get_bib_number_tag {
my $result = shift;
my $sth = $dbh->prepare_cached("SELECT tagfield, tagsubfield
FROM marc_subfield_structure
WHERE frameworkcode = ''
AND kohafield = 'biblio.biblionumber'");
$sth->execute();
my @tags = ();
while (my $row = $sth->fetchrow_arrayref) {
push @tags, { tag => $row->[0], subfield => $row->[1] };
}
$result->{'bib_number'} = \@tags;
}
sub _get_biblioitem_itemtypes {
my $result = shift;
my $itemtypes = { map { $_->{itemtype} => $_ } @{ Koha::ItemTypes->search_with_localization->unblessed } };
my $sth = $dbh->prepare_cached("SELECT tagfield, tagsubfield
FROM marc_subfield_structure
WHERE frameworkcode = ''
AND kohafield = 'biblioitems.itemtype'");
$sth->execute();
my @tags = ();
while (my $row = $sth->fetchrow_arrayref) {
push @tags, { tag => $row->[0], subfield => $row->[1] };
}
my @valid_values = map { { code => $_, description => $itemtypes->{$_}->{'description'} } } sort keys %$itemtypes;
$result->{'special_entry'} = { field => \@tags, valid_values => \@valid_values };
}