3 # Copyright (C) 2007 LibLime
5 # This file is part of Koha.
7 # Koha is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
12 # Koha is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with Koha; if not, see <http://www.gnu.org/licenses>.
29 use C4::Auth qw/check_cookie_auth haspermission/;
31 use Koha::Schema::Result::UploadedFile;
33 # upload-file.pl must authenticate the user
34 # before processing the POST request,
35 # and quickly bounce if the user is
36 # not authorized. Consequently, unlike
37 # most of the other CGI scripts, upload-file.pl
38 # requires that the session cookie already exist.
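# Authentication gate: every check below must pass before any upload data is
# handled. Each failure path ends in the same 'denied' reply instead of an
# unhandled exception, so the script fails closed.
my %cookies = CGI::Cookie->fetch;

# The session cookie can be absent; calling ->value on a missing hash entry
# would die before any reply is sent.
my $sid = $cookies{'CGISESSID'} ? $cookies{'CGISESSID'}->value : undef;

my ( $auth_status, $sessionID );
( $auth_status, $sessionID ) = check_cookie_auth( $sid ) if defined $sid;
my $authenticated = defined $auth_status && $auth_status eq 'ok';

# Resolve the session's user and the upload permission only after the cookie
# has been validated, so an unknown or expired session id never reaches the
# session lookup or the permission check.
my $uid;
my $allowed = 0;
if( $authenticated ) {
    my $session = C4::Auth::get_session($sid);
    if( $session ) {
        $uid = $session->param('id');
        $allowed = Koha::Schema::Result::UploadedFile->allows_add_by( $uid );
    }
}

if( !$authenticated || !$allowed ) {
    send_reply( 'denied' );
    # Stop here: a denied request must never reach the upload handling below.
    exit 0;
}

my $upload = Koha::Upload->new( upload_pars($ENV{QUERY_STRING}) );
if( !$upload || !$upload->cgi || !$upload->count ) {
    # not one upload succeeded
    send_reply( 'failed', undef, $upload? $upload->err: undef );
} else {
    # in case of multiple uploads, at least one got through
    send_reply( 'done', $upload->result, $upload->err );
}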
62 sub send_reply { # response will be sent back as JSON
# Writes the HTTP response for an upload request: a CGI header followed by a
# JSON-encoded hash.
#   $upload_status - value stored under the 'status' key of the reply
#   $data, $error  - second and third arguments, unpacked below
# NOTE(review): the body is JSON but the header declares text/html. If any
# value in the reply can carry client-supplied text, a browser that renders
# this response directly would interpret markup in it as HTML. Confirm whether
# the client side depends on text/html before switching to application/json.
63 my ( $upload_status, $data, $error ) = @_;
# CGI object created from an empty query string and used only for the header;
# presumably so that it does not read the request body - TODO confirm.
64 my $reply = CGI->new("");
65 print $reply->header( -type => 'text/html', -charset => 'UTF-8' );
66 print JSON::encode_json({
67 status => $upload_status,
73 sub upload_pars { # this sub parses QUERY_STRING in order to build the
74 # parameter hash for Koha::Upload
76 $qstr = Encode::decode_utf8( uri_unescape( $qstr ) );
77 # category could include a utf8 character
79 foreach my $p ( qw[public category temp] ) {
80 if( $qstr =~ /(^|&)$p=(\w+)(&|$)/ ) {