From b99d2b47e6a24e66dab7294778b2b1c957bad83a Mon Sep 17 00:00:00 2001 From: Nick Clemens Date: Wed, 17 Jul 2019 11:01:01 +0000 Subject: [PATCH] Bug 23329: Only redirect tracklinks.pl to urls contained in records Bug 19487 limited redirection to urls contained in a record/item if we were tracking. We should probably limit forwarding if not tracking as well. Additionally, if we don't have a soucre, let's not forward To test: 0 - Set TrackClicks syspref to 'Don't track' 1 - Hit localhost:8080/cgi-bin/koha/tracklinks.pl?uri=http://www.google.com 2 - You get forwarded to google 3 - Set TrackClicks to 'Track anonymously' 4 - You get a 404 5 - Apply patch 6 - Hit localhost:8080/cgi-bin/koha/tracklinks.pl?uri=http://www.google.com 7 - You get a 404 8 - Set TrackClicks syspref to 'Don't track' 9 - Hit localhost:8080/cgi-bin/koha/tracklinks.pl?uri=http://www.google.com&biblionumber=1 Choose a biblionumber that exists 10 - You get a 404 11 - Add http://www.google.com to the 856$u of the record used above 12 - Hit localhost:8080/cgi-bin/koha/tracklinks.pl?uri=http://www.google.com&biblionumber=1 13 - You are redirected 14 - Confirm redirection and 404 as expected with other settings of TrackClicks Signed-off-by: Tomas Cohen Arazi Signed-off-by: Marcel de Rooy Signed-off-by: Martin Renvoize Signed-off-by: Kyle M Hall Signed-off-by: Martin Renvoize
---
 opac/tracklinks.pl | 66 ++++++++++++++++++++--------------------------
 1 file changed, 28 insertions(+), 38 deletions(-)
diff --git a/opac/tracklinks.pl b/opac/tracklinks.pl
index 7bdb93935c..329addf0b5 100755
--- a/opac/tracklinks.pl
+++ b/opac/tracklinks.pl
@@ -28,54 +28,44 @@ use CGI qw ( -utf8 ); my $cgi = new CGI; my $uri = $cgi->param('uri') || ''; +my $biblionumber = $cgi->param('biblionumber') || 0; +my $itemnumber = $cgi->param('itemnumber') || 0; my $tracker = Koha::Linktracker->new( { trackingmethod => C4::Context->preference('TrackClicks') } ); -if ($uri) { - if ( $tracker->trackingmethod() eq 'track' - || $tracker->trackingmethod() eq 'anonymous' ) - { - my $borrowernumber = 0; - - # we have a uri and we want to track - if ( $tracker->trackingmethod() eq 'track' ) { - my ( $user, $cookie, $sessionID, $flags ) = - checkauth( $cgi, 1, {}, 'opac' ); - my $userenv = C4::Context->userenv; - - if ( defined($userenv) - && ref($userenv) eq 'HASH' - && $userenv->{number} ) - { - $borrowernumber = $userenv->{number}; - } +if ($uri && ($biblionumber || $itemnumber) ) { + my $borrowernumber = 0; - # get borrower info - } - my $biblionumber = $cgi->param('biblionumber') || 0; - my $itemnumber = $cgi->param('itemnumber') || 0; + # we have a uri and we want to track + if ( $tracker->trackingmethod() eq 'track' ) { + my ( $user, $cookie, $sessionID, $flags ) = + checkauth( $cgi, 1, {}, 'opac' ); + my $userenv = C4::Context->userenv; - my $record = C4::Biblio::GetMarcBiblio({ biblionumber => $biblionumber }); - my $marc_urls = C4::Biblio::GetMarcUrls($record, C4::Context->preference('marcflavour')); - if ( ( grep { $_ eq $uri } map { $_->{MARCURL} } @$marc_urls ) - || Koha::Items->search( { itemnumber => $itemnumber, uri => $uri } )->count ) + if ( defined($userenv) + && ref($userenv) eq 'HASH' + && $userenv->{number} ) { - $tracker->trackclick( - { - uri => $uri, - biblionumber => $biblionumber, - borrowernumber => $borrowernumber, - itemnumber => $itemnumber - } - ); - print $cgi->redirect($uri); - exit; + $borrowernumber = $userenv->{number}; } + + # get borrower info } - else { - # We have a valid url, but we shouldn't track it, just redirect + my $record = C4::Biblio::GetMarcBiblio({ biblionumber => $biblionumber }); + 
my $marc_urls = C4::Biblio::GetMarcUrls($record, C4::Context->preference('marcflavour')); + if ( ( grep { $_ eq $uri } map { $_->{MARCURL} } @$marc_urls ) + || Koha::Items->search( { itemnumber => $itemnumber, uri => $uri } )->count ) + { + $tracker->trackclick( + { + uri => $uri, + biblionumber => $biblionumber, + borrowernumber => $borrowernumber, + itemnumber => $itemnumber + } + ) if ( $tracker->trackingmethod() eq 'track' || $tracker->trackingmethod() eq 'anonymous' ); print $cgi->redirect($uri); exit; } -- 2.39.5
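Review bot: The record lookup just before the `grep` is unguarded: the new condition `$uri && ($biblionumber || $itemnumber)` admits requests that carry only an `itemnumber`, so `GetMarcBiblio` is called with `biblionumber => 0`, and a request naming a biblionumber that does not exist reaches the same call. Neither helper's body is visible here, but if `GetMarcBiblio` returns undef in those cases, `GetMarcUrls` receives an undefined record and the script may die before the item-URI check or the 404 described in the test plan is reached, so an unauthenticated request could produce a server error instead of a clean 404. Consider `my $record = $biblionumber ? C4::Biblio::GetMarcBiblio({ biblionumber => $biblionumber }) : undef;` followed by `my $marc_urls = $record ? C4::Biblio::GetMarcUrls($record, C4::Context->preference('marcflavour')) : [];`, which keeps the exact-match allow-list intact. The comment `# we have a uri and we want to track` is also stale now that the block runs with tracking off; `# resolve the patron only when clicks are attributed to users` would match the code.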