Koha/opac/svc/overdrive_proxy
Nick Clemens f28460bdb7 Bug 17392 - opac/svc/overdrive_proxy is not plack safe
This patch simply replaces the ';'  in the param passed to OverDrive
with '&'

To test:
1 - Enable overdrive (requires an account)
2 - Perform an opac search
3 - Note the number of overdrive results reported
4 - Click the link to view the actual overdrive results
5 - Note the result numbers don't match
6 - Apply patch
7 - Repeat 1-4 and note results numbers match and results are relevant
8 - Test a search with a ';' to ensure this patch isn't breaking
searches

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>
Verified by reading code - couldn't verify using Overdrive.

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-10-11 16:16:02 +00:00


#!/usr/bin/perl
# Copyright 2013 ByWater
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.

=head1 NAME

svc/overdrive_proxy: Proxy OAuth'd requests to OverDrive

=head1 SYNOPSIS

svc/overdrive_proxy/libraries/9001 -> https://api.overdrive.com/v1/libraries/9001

=head1 DESCRIPTION

This service proxies incoming requests to the OverDrive OAuth API, to keep the
JS side from having to deal with cross-origin/authentication issues.

=cut

use strict;
use warnings;

use CGI qw(-oldstyle_urls -utf8);
use HTTP::Request::Common ();
use JSON;
use LWP::UserAgent;

use C4::Context;
use C4::External::OverDrive;
use C4::Output;
use Koha;

my $query = CGI->new;
my $token;

if ( !IsOverDriveEnabled() || !( $token = GetOverDriveToken() ) ) {
    print $query->header(
        -status => '400 Bad Request',
    );

    print to_json({
        error => 'invalid_client',
        error_description => 'OverDrive login failed'
    });

    exit;
}

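# query_string can come back ';'-separated (seen under Plack), so force '&'
# before forwarding. query_string percent-encodes a literal ';' inside a value
# as %3B, so only separators are rewritten here.
my $fixed_query = $query->query_string;
$fixed_query =~ tr/;/&/;

# The request path and query are forwarded upstream with the OAuth token attached.
my $request = HTTP::Request::Common::GET( "https://api.overdrive.com/v1" . $query->path_info . '?' . $fixed_query );
$request->header( Authorization => $token );

# LWP::UserAgent->new takes key/value options; the User-Agent string goes in 'agent'.
my $ua = LWP::UserAgent->new( agent => "Koha " . Koha::version() );

my $response = $ua->request( $request );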
if ( $response->code eq '500' ) {
    print $query->header(
        -status => '500 Internal Server Error'
    );

    warn "OverDrive request failed: " . $response->message;
    print to_json({
        error => 'invalid_client',
        error_description => 'OverDrive request failed'
    });

    exit;
}

output_with_http_headers $query, undef, $response->content, 'json', $response->status_line;
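
The separator problem this commit fixes, and why test step 8 (a search containing ';') still passes, as an added example that is not part of Koha. `upstream_query` and `parse_amp_only` are hypothetical helpers; setting `$CGI::USE_PARAM_SEMICOLONS` directly stands in for whatever leaves CGI.pm in semicolon mode under Plack, and the '&'-only upstream parser is an assumption about the receiving side.

```perl
#!/usr/bin/perl
# Added illustration, not Koha code. Sample queries are constructed.
use strict;
use warnings;
use CGI ();
use CGI::Util qw(unescape);

my @samples = (
    'q=perl&limit=20&offset=0',
    'q=cats%3Bdogs&limit=20',      # search term contains a literal ';'
    'q=a%26b%3Dc&sort=title',      # search term contains '&' and '='
);

# Re-serialise a query the way the proxy does. $semicolons selects CGI.pm's
# separator mode (1 = ';', the CGI.pm default; 0 = '&', what -oldstyle_urls
# asks for); $fix applies the commit's tr/;/&/.
sub upstream_query {
    my ( $raw, $semicolons, $fix ) = @_;
    local $CGI::USE_PARAM_SEMICOLONS = $semicolons;
    my $out = CGI->new($raw)->query_string;
    $out =~ tr/;/&/ if $fix;
    return $out;
}

# Hypothetical upstream parser that splits on '&' only (an assumption about
# the receiving side, used here to show what gets lost).
sub parse_amp_only {
    my ($qs) = @_;
    my %param;
    for my $pair ( split /&/, $qs ) {
        my ( $name, $value ) = split /=/, $pair, 2;
        $param{ unescape($name) } = unescape( $value // '' );
    }
    return join ', ', map { "$_=[$param{$_}]" } sort keys %param;
}

for my $raw (@samples) {
    my $want = parse_amp_only($raw);
    for my $fix ( 0, 1 ) {
        my $sent = upstream_query( $raw, 1, $fix );
        my $seen = parse_amp_only($sent);
        printf "%-7s sent=%-28s upstream sees: %s%s\n",
            ( $fix ? 'fixed' : 'unfixed' ), $sent, $seen,
            ( $seen eq $want ? '' : '   <-- parameters lost' );
    }
}
```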