Bug 25898: Prohibit indirect object notation
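#!/usr/bin/perl

# This file is part of Koha.
#
# Copyright 2014 Jacek Ablewicz
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.

=head1 NAME

invoice-files.pl

=head1 DESCRIPTION

Manage files associated with invoice.

Parameters (CGI):

=over

=item invoiceid - the aqinvoices record the files belong to

=item op - one of C<download>, C<upload>, C<delete>; anything else just lists the files

=item file_id - for C<download> / C<delete>, the id of the stored file

=item view - for C<download>, when true an image or PDF is served inline instead of as an attachment

=item uploadfile, description - for C<upload>, the multipart file field and its description

=back

=cut

use Modern::Perl;

use CGI;
use C4::Auth;
use C4::Output;
use C4::Acquisition;
use Koha::Misc::Files;

my $input = CGI->new;
my ( $template, $loggedinuser, $cookie, $flags ) = get_template_and_user(
    {
        template_name => 'acqui/invoice-files.tt',
        query         => $input,
        type          => 'intranet',
        flagsrequired => { 'acquisition' => '*' },
        debug         => 1,
    }
);

my $invoiceid = $input->param('invoiceid') // '';
my $op        = $input->param('op') // '';
my %errors;

# Koha::Misc::Files->new returns undef when the record id is not usable; in
# that case every file operation is disabled and the page only reports the
# error (the template still receives 'files', see the bottom of the script).
my $mf = Koha::Misc::Files->new( tabletag => 'aqinvoices', recordid => $invoiceid );
if ( !defined $mf ) {
    $op = 'none';
    $errors{'invalid_parameter'} = 1;
}

if ( $op eq 'download' ) {
    my $file_id = $input->param('file_id');
    my $file    = $mf->GetFile( id => $file_id );

    if ( !$file ) {
        # An unknown file_id used to be answered with a 200 whose content type
        # and body were both empty; tell the client the file does not exist.
        print $input->header(
            -status  => '404 Not Found',
            -type    => 'text/plain',
            -charset => 'utf-8',
        );
        print "File not found\n";
    }
    else {
        my $fname = $file->{'file_name'} // '';

        # Without a stored type CGI::header() would fall back to text/html,
        # i.e. serve arbitrary uploaded bytes as a document of this origin;
        # a generic binary type is the safe default.
        my $ftype = $file->{'file_type'} // 'application/octet-stream';

        # Anchored at the end of the name, consistent with the check done at
        # upload time below.
        my $is_pdf = $fname =~ /\.pdf\z/i;

        if ( $input->param('view') && ( $is_pdf || $ftype =~ m{\Aimage/}i ) ) {
            # PDFs are often uploaded with a generic type; force the real one
            # so the browser renders the file inline.
            $ftype = 'application/pdf' if $is_pdf;

            # NOTE(review): the stored type is whatever the uploading client
            # declared, so "image/*" here is not a guarantee about the bytes;
            # nosniff keeps the browser from reinterpreting them as something
            # else.
            print $input->header(
                -type                   => $ftype,
                -charset                => 'utf-8',
                -x_content_type_options => 'nosniff',
            );
        }
        else {
            # The name ends up inside a quoted Content-Disposition parameter;
            # drop the characters that would terminate the quote or the header.
            ( my $attachment_name = $fname ) =~ s/["\r\n]//g;

            print $input->header(
                -type                   => $ftype,
                -charset                => 'utf-8',
                -attachment             => $attachment_name,
                -x_content_type_options => 'nosniff',
            );
        }
        print $file->{'file_content'};
    }
}
else {
    my $details = GetInvoiceDetails($invoiceid);
    $template->param(
        invoiceid     => $details->{'invoiceid'},
        invoicenumber => $details->{'invoicenumber'},
        suppliername  => $details->{'suppliername'},
        booksellerid  => $details->{'booksellerid'},
        datereceived  => $details->{'datereceived'},
    );

    if ( $op eq 'upload' ) {
        my $uploaded_file = $input->upload('uploadfile');

        if ($uploaded_file) {
            my $filename = $input->param('uploadfile');

            # uploadInfo() may return nothing for the given name; in that case
            # store a generic type instead of undef (see the download branch
            # for why undef is a problem) and avoid dereferencing undef here.
            my $upload_info = $input->uploadInfo($filename) // {};
            my $mimetype    = $upload_info->{'Content-Type'} // 'application/octet-stream';

            $errors{'empty_upload'} = 1 if -z $uploaded_file;

            if ( !%errors ) {
                # Slurp the whole upload: the file handle is read with $/ undef.
                my $file_content = do { local $/; <$uploaded_file>; };

                # Browsers frequently label PDFs with a catch-all type; fix it
                # up from the extension so the inline view works later.
                if (   $mimetype =~ m{\Aapplication/(?:force-download|unknown)\z}i
                    && $filename =~ /\.pdf\z/i )
                {
                    $mimetype = 'application/pdf';
                }

                $mf->AddFile(
                    name        => $filename,
                    type        => $mimetype,
                    content     => $file_content,
                    description => scalar $input->param('description'),
                );
            }
        }
        else {
            $errors{'no_file'} = 1;
        }
    }
    elsif ( $op eq 'delete' ) {
        $mf->DelFile( id => scalar $input->param('file_id') );
    }

    $template->param(
        files  => ( defined($mf) ? $mf->GetFilesInfo() : undef ),
        errors => \%errors,
    );
    output_html_with_http_headers( $input, $cookie, $template->output );
}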