Bug 20568: CSRF protection
1 #!/usr/bin/perl
3 # Copyright Pat Eyler 2003
4 # Copyright Biblibre 2006
5 # Parts Copyright Liblime 2008
6 # Parts Copyright Chris Nighswonger 2010
8 # This file is part of Koha.
10 # Koha is free software; you can redistribute it and/or modify it
11 # under the terms of the GNU General Public License as published by
12 # the Free Software Foundation; either version 3 of the License, or
13 # (at your option) any later version.
15 # Koha is distributed in the hope that it will be useful, but
16 # WITHOUT ANY WARRANTY; without even the implied warranty of
17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 # GNU General Public License for more details.
20 # You should have received a copy of the GNU General Public License
21 # along with Koha; if not, see <http://www.gnu.org/licenses>.
23 use Modern::Perl;
25 use CGI qw ( -utf8 );
26 use DateTime::TimeZone;
27 use List::MoreUtils qw/ any /;
28 use LWP::Simple;
29 use XML::Simple;
30 use Config;
31 use Search::Elasticsearch;
32 use Try::Tiny;
34 use C4::Output;
35 use C4::Auth;
36 use C4::Context;
37 use C4::Installer;
39 use Koha;
40 use Koha::DateUtils qw(dt_from_string output_pref);
41 use Koha::Acquisition::Currencies;
42 use Koha::Patron::Categories;
43 use Koha::Patrons;
44 use Koha::Caches;
45 use Koha::Config::SysPrefs;
46 use Koha::Illrequest::Config;
47 use Koha::SearchEngine::Elasticsearch;
49 use C4::Members::Statistics;
52 #use Smart::Comments '####';
# Build the CGI request object and let C4::Auth's get_template_and_user load
# the staff-interface template for it. The call asks for an authenticated
# session (authnotrequired => 0) holding the "catalogue" flag. The rest of
# this script passes server details (interpreter path, @INC, versions, cache
# and search-engine settings) to the template, and this is the only
# permission check in the file.
my $query = CGI->new;

my %auth_args = (
    template_name   => "about.tt",
    query           => $query,
    type            => "intranet",
    authnotrequired => 0,
    flagsrequired   => { catalogue => 1 },
    debug           => 1,
);
my ( $template, $loggedinuser, $cookie ) = get_template_and_user( \%auth_args );
# Time zone diagnostics: collect the configured zone, the TZ environment
# variable, and whether each is a name DateTime::TimeZone accepts.
# An absent value is normalised to the empty string.
my $config_timezone = C4::Context->config('timezone') // '';
my $config_invalid  = !DateTime::TimeZone->is_valid_name($config_timezone);
my $env_timezone    = $ENV{TZ} // '';
my $env_invalid     = !DateTime::TimeZone->is_valid_name($env_timezone);

# The fallback flag is raised in two cases:
#   - Bad config: a zone is configured but is not a valid name.
#   - No config, but bad ENV{TZ}: nothing configured, TZ set and invalid.
my $bad_config_zone = ( $config_timezone ne '' && $config_invalid );
my $bad_env_zone =
  ( $config_timezone eq '' && $env_timezone ne '' && $env_invalid );
my $actual_bad_tz_fallback = ( $bad_config_zone || $bad_env_zone ) ? 1 : 0;

my $time_zone = {
    actual                 => C4::Context->tz->name,
    actual_bad_tz_fallback => $actual_bad_tz_fallback,
    config                 => $config_timezone,
    config_invalid         => $config_invalid,
    environment            => $env_timezone,
    environment_invalid    => $env_invalid,
};

# The current date and time is rendered in ISO format next to the zone data.
my $now_iso = output_pref( { dt => dt_from_string(), dateformat => 'iso' } );
$template->param(
    time_zone             => $time_zone,
    current_date_and_time => $now_iso,
);
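# Path of the running perl interpreter, shown on the page as perlPath.
# $^X may lack the platform's executable suffix, so $Config{_exe} is appended
# when the path does not already end with it (VMS is left untouched).
my $perl_path = $^X;
if ( $^O ne 'VMS' ) {
    # \Q...\E makes the suffix match literally. Interpolated unquoted, the
    # "." of a suffix such as ".exe" is a regex metacharacter and would match
    # any character in that position.
    $perl_path .= $Config{_exe}
        unless $perl_path =~ m/\Q$Config{_exe}\E$/i;
}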
# Ask the zebraidx program for its version string. The command line is a
# constant: no request data is interpolated into it. The program is located
# through the PATH of the server process, and its output is later passed to
# the template unchanged as zebraVersion.
my $zebraVersion = qx{zebraidx -V};
# Check running PSGI env
# Any environment key that starts with "psgi." or "plack." (in any letter
# case) is taken to mean the script runs under PSGI.
my $runs_under_psgi = any { /(^psgi\.|^plack\.)/i } keys %ENV;
if ($runs_under_psgi) {

    # PLACK_ENV is consulted first, then MOD_PERL; with neither set the
    # server is reported as 'Unknown'.
    my $psgi_server = 'Unknown';
    if ( $ENV{PLACK_ENV} ) {
        $psgi_server = "Plack ($ENV{PLACK_ENV})";
    }
    elsif ( $ENV{MOD_PERL} ) {
        $psgi_server = "mod_perl ($ENV{MOD_PERL})";
    }

    $template->param(
        is_psgi     => 1,
        psgi_server => $psgi_server,
    );
}
# Memcached configuration
# For both settings the environment variable wins over the configuration
# entry when it holds a true value.
my $memcached_servers =
  $ENV{MEMCACHED_SERVERS} || C4::Context->config('memcached_servers');

# "||" and "//" share one precedence level and associate to the left, so the
# parentheses below only spell out how the unparenthesised form is parsed:
# 'koha' is used only when the "||" expression yields undef.
my $memcached_namespace =
  ( $ENV{MEMCACHED_NAMESPACE} || C4::Context->config('memcached_namespace') )
  // 'koha';

my $cache                    = Koha::Caches->get_instance;
my $effective_caching_method = ref( $cache->cache );

# Memcached may have been running when plack has been initialized but could have been stopped since
# FIXME What are the consequences of that??
# The cache is probed by writing a fixed test key; the return value of that
# write is what the template receives as is_memcached_still_active.
my $is_memcached_still_active =
  $cache->set_in_cache( 'test_for_about_page', "just a simple value" );

# Where the server list is defined: environment, configuration, both, nowhere.
my $where_is_memcached_config;
if ( $ENV{MEMCACHED_SERVERS} ) {
    $where_is_memcached_config =
      C4::Context->config('memcached_servers') ? 'both' : 'ENV_only';
}
else {
    $where_is_memcached_config =
      C4::Context->config('memcached_servers') ? 'config_only' : 'nowhere';
}

# The server list and namespace are passed to the template as plain values.
$template->param(
    effective_caching_method  => $effective_caching_method,
    memcached_servers         => $memcached_servers,
    memcached_namespace       => $memcached_namespace,
    is_memcached_still_active => $is_memcached_still_active,
    where_is_memcached_config => $where_is_memcached_config,
    memcached_running         => Koha::Caches->get_instance->memcached_cache,
);
# Additional system information for warnings

# Carry the StatisticsFields preference as a warning when it is set and
# differs from what C4::Members::Statistics->get_fields() returns.
my $warnStatisticsFieldsError;
my $prefStatisticsFields = C4::Context->preference('StatisticsFields');
if ( $prefStatisticsFields
    && $prefStatisticsFields ne C4::Members::Statistics->get_fields() )
{
    $warnStatisticsFieldsError = $prefStatisticsFields;
}

# AutoCreateAuthorities switched on while BiblioAddsAuthorities is off.
my $prefAutoCreateAuthorities = C4::Context->preference('AutoCreateAuthorities');
my $prefBiblioAddsAuthorities = C4::Context->preference('BiblioAddsAuthorities');
my $warnPrefBiblioAddsAuthorities =
  $prefAutoCreateAuthorities && !$prefBiblioAddsAuthorities;

# EasyAnalyticalRecords and UseControlNumber both switched on.
my $prefEasyAnalyticalRecords = C4::Context->preference('EasyAnalyticalRecords');
my $prefUseControlNumber      = C4::Context->preference('UseControlNumber');
my $warnPrefEasyAnalyticalRecords =
  $prefEasyAnalyticalRecords && $prefUseControlNumber;

# OPACPrivacy switched on without an AnonymousPatron value.
my $warnPrefAnonymousPatron = C4::Context->preference('OPACPrivacy')
  && !C4::Context->preference('AnonymousPatron');

# The AnonymousPatron preference does not resolve to a patron record while
# there are patrons whose privacy column is 2.
my $anonymous_patron =
  Koha::Patrons->find( C4::Context->preference('AnonymousPatron') );
my $warnPrefAnonymousPatron_PatronDoesNotExist = !$anonymous_patron
  && Koha::Patrons->search( { privacy => 2 } )->count;

# Error code of the Zebra connection to "biblioserver".
my $errZebraConnection = C4::Context->Zconn( "biblioserver", 0 )->errcode();

# True when get_template_and_user returned no $loggedinuser value.
# NOTE(review): presumably the database-administrator login - confirm.
my $warnIsRootUser = !$loggedinuser;

# No active currency is defined.
my $warnNoActiveCurrency = !defined Koha::Acquisition::Currencies->get_active;
# Warnings about configuration entries; each element is a hashref with an
# "error" key that the template turns into a message.
my @xml_config_warnings;

my $context = C4::Context->new;

# Bibliographic Zebra index mode.
# NOTE(review): in /zebra-biblios-dom.cfg/ the "." is an unescaped regex
# metacharacter, so it matches any character in that position.
if ( defined C4::Context->config('zebra_bib_index_mode') ) {
    if ( C4::Context->config('zebra_bib_index_mode') eq 'grs1' ) {
        push @xml_config_warnings, { error => 'zebra_bib_grs_warn' };
    }
}
else {
    # The entry is missing: say so, then guess the mode from the name of the
    # biblioserver configuration file.
    push @xml_config_warnings, { error => 'zebra_bib_index_mode_warn' };

    my $guessed_mode =
      ( $context->{'server'}->{'biblioserver'}->{'config'}
          !~ /zebra-biblios-dom.cfg/ )
      ? 'zebra_bib_mode_seems_grs1'
      : 'zebra_bib_mode_seems_dom';
    push @xml_config_warnings, { error => $guessed_mode };
}

# The declared mode and the configuration file name disagree: "dom" without
# the DOM file, or "grs1" with it. At most one of the two can hold.
if (
    (
        ( C4::Context->config('zebra_bib_index_mode') eq 'dom' )
        && ( $context->{'server'}->{'biblioserver'}->{'config'}
            !~ /zebra-biblios-dom.cfg/ )
    )
    || (
        ( C4::Context->config('zebra_bib_index_mode') eq 'grs1' )
        && ( $context->{'server'}->{'biblioserver'}->{'config'}
            =~ /zebra-biblios-dom.cfg/ )
    )
  )
{
    push @xml_config_warnings,
      { error => 'zebra_bib_index_mode_mismatch_warn' };
}
# Authority Zebra index mode: the same checks as for the bibliographic
# index, applied to the authorityserver entry.
# NOTE(review): in /zebra-authorities-dom.cfg/ the "." is an unescaped regex
# metacharacter, so it matches any character in that position.
if ( defined C4::Context->config('zebra_auth_index_mode') ) {
    if ( C4::Context->config('zebra_auth_index_mode') eq 'grs1' ) {
        push @xml_config_warnings, { error => 'zebra_auth_grs_warn' };
    }
}
else {
    # The entry is missing: say so, then guess the mode from the name of the
    # authorityserver configuration file.
    push @xml_config_warnings, { error => 'zebra_auth_index_mode_warn' };

    my $guessed_mode =
      ( $context->{'server'}->{'authorityserver'}->{'config'}
          !~ /zebra-authorities-dom.cfg/ )
      ? 'zebra_auth_mode_seems_grs1'
      : 'zebra_auth_mode_seems_dom';
    push @xml_config_warnings, { error => $guessed_mode };
}

# The declared mode and the configuration file name disagree: "dom" without
# the DOM file, or "grs1" with it. At most one of the two can hold.
if (
    (
        ( C4::Context->config('zebra_auth_index_mode') eq 'dom' )
        && ( $context->{'server'}->{'authorityserver'}->{'config'}
            !~ /zebra-authorities-dom.cfg/ )
    )
    || (
        ( C4::Context->config('zebra_auth_index_mode') eq 'grs1' )
        && ( $context->{'server'}->{'authorityserver'}->{'config'}
            =~ /zebra-authorities-dom.cfg/ )
    )
  )
{
    push @xml_config_warnings,
      { error => 'zebra_auth_index_mode_mismatch_warn' };
}
# A missing log4perl_conf entry is reported.
unless ( defined C4::Context->config('log4perl_conf') ) {
    push @xml_config_warnings, { error => 'log4perl_entry_missing' };
}

# A missing upload_path entry is reported; the wording depends on whether
# the OPACBaseURL system preference holds a value.
# NOTE(review): the result of find('OPACBaseURL') is used without a check,
# so an absent preference row would die here - confirm it always exists.
unless ( defined C4::Context->config('upload_path') ) {
    my $upload_warning =
      Koha::Config::SysPrefs->find('OPACBaseURL')->value
      ? 'uploadpath_entry_missing'                    # OPACBaseURL seems to be set
      : 'uploadpath_and_opacbaseurl_entry_missing';
    push @xml_config_warnings, { error => $upload_warning };
}
# Test QueryParser configuration sanity
if ( C4::Context->preference('UseQueryParser') ) {

    # Get the QueryParser configuration file name
    my $configured_file = C4::Context->config('queryparser_config');
    my $fallback_file   = '/etc/koha/searchengine/queryparser.yaml';

    # Check QueryParser is functional: the object must exist and be of
    # exactly the PQF driver class.
    my $QParser = C4::Context->queryparser();
    my $parser_usable = defined $QParser
      && ref($QParser) eq 'Koha::QueryParser::Driver::PQF';

    if ( !$parser_usable ) {

        # Error initializing the QueryParser object.
        # Report the queryparser.yaml path in use to the template, and
        # whether that path is the built-in fallback.
        $template->param(
            QueryParserError => {
                fallback => defined($configured_file) ? 0 : 1,
                file     => $configured_file // $fallback_file,
            }
        );
    }
    elsif ( !defined $configured_file ) {

        # Not an error but a warning for the missing queryparser_config
        # entry in koha-conf.xml.
        push @xml_config_warnings,
          {
            error => 'queryparser_entry_missing',
            file  => $fallback_file,
          };
    }
}
# Test Zebra facets configuration
if ( !defined C4::Context->config('use_zebra_facets') ) {
    push @xml_config_warnings, { error => 'use_zebra_facets_entry_missing' };
}
elsif (C4::Context->config('use_zebra_facets')
    && C4::Context->config('zebra_bib_index_mode')
    && C4::Context->config('zebra_bib_index_mode') ne 'dom' )
{
    # use_zebra_facets works with DOM: warn when facets are on and a
    # bibliographic index mode other than "dom" is configured.
    push @xml_config_warnings, { error => 'use_zebra_facets_needs_dom' };
}
# ILL module checks
# Run only when the ILLModule preference is on. Each failed check sets its
# own template parameter and raises the overall warnILLConfiguration flag.
if ( C4::Context->preference('ILLModule') ) {
    my $ill_problem_found = 0;
    my $ill_file_config   = C4::Context->config("interlibrary_loans");
    my $ill_config        = Koha::Illrequest::Config->new;

    # Check backends: at least one must be available.
    my $backend_count = scalar @{ $ill_config->available_backends };
    unless ( $backend_count > 0 ) {
        $template->param( no_ill_backends => 1 );
        $ill_problem_found = 1;
    }

    # Check partner_code: it must name an existing patron category.
    unless ( Koha::Patron::Categories->find( $ill_config->partner_code ) ) {
        $template->param(
            ill_partner_code_doesnt_exist => $ill_config->partner_code );
        $ill_problem_found = 1;
    }

    # partner code not defined in the interlibrary_loans configuration entry
    unless ( $ill_file_config->{partner_code} ) {
        $template->param( ill_partner_code_not_defined => 1 );
        $ill_problem_found = 1;
    }

    $template->param( warnILLConfiguration => $ill_problem_found );
}
if ( C4::Context->preference('SearchEngine') eq 'Elasticsearch' ) {

    # Check ES configuration health and runtime status

    my $es_status;
    my $config_failed;
    my $cluster_reachable = 1;

    # Read the Elasticsearch configuration. Only a MissingEntry exception is
    # reported to the template.
    # NOTE(review): any other exception is dropped here and $es_conf stays
    # undef, yet the code below still runs - confirm that is intended.
    my $es_conf;
    try {
        $es_conf = Koha::SearchEngine::Elasticsearch::_read_configuration();
    }
    catch {
        my $error = $_;
        if ( ref($error) eq 'Koha::Exceptions::Config::MissingEntry' ) {
            $template->param(
                elasticsearch_fatal_config_error => $error->message );
            $config_failed = 1;
        }
    };

    unless ($config_failed) {

        # Index names are "<index_name>_<suffix>" for biblios and authorities.
        # TODO: When new indexes get added, we could have other ways to
        #       fetch the list of available indexes (e.g. plugins, etc)
        my @indexes = map { $es_conf->{index_name} . "_" . $_ } (
            $Koha::SearchEngine::BIBLIOS_INDEX,
            $Koha::SearchEngine::AUTHORITIES_INDEX,
        );

        # The configured node list is included in the status structure that
        # goes to the template.
        $es_status->{nodes} = $es_conf->{nodes};
        my $es = Search::Elasticsearch->new( { nodes => $es_conf->{nodes} } );

        for my $index_name (@indexes) {
            my $doc_count;
            try {
                my $stats = $es->indices->stats( index => $index_name );
                $doc_count = $stats->{_all}{primaries}{docs}{count};
            }
            catch {
                my $error_class = ref $_;
                if ( $error_class eq 'Search::Elasticsearch::Error::Missing' ) {

                    # A missing index is recorded with a count of -1.
                    push @{ $es_status->{errors} },
                      "Index not found ($index_name)";
                    $doc_count = -1;
                }
                elsif (
                    $error_class eq 'Search::Elasticsearch::Error::NoNodes' )
                {
                    # No node answered: report the cluster as not running.
                    $cluster_reachable = 0;
                }
                else {
                    # TODO: when time comes, we will cover more use cases
                    die $_;
                }
            };

            push @{ $es_status->{indexes} },
              {
                index_name => $index_name,
                count      => $doc_count,
              };
        }
        $es_status->{running} = $cluster_reachable;

        $template->param( elasticsearch_status => $es_status );
    }
}
# Sco Patron should not contain any other perms than circulate => self_checkout
# Least-privilege check on the account named by AutoSelfCheckID: the template
# is told when that account lacks self_check/self_checkout_module, and when
# it holds any permission besides that one.
if (    C4::Context->preference('WebBasedSelfCheck')
    and C4::Context->preference('AutoSelfCheckAllowed') )
{
    my $sco_userid      = C4::Context->preference('AutoSelfCheckID');
    my $all_permissions = C4::Auth::get_user_subpermissions($sco_userid);
    my ( $has_self_checkout_perm, $has_other_permissions );

  MODULE:
    while ( my ( $module, $permissions ) = each %$all_permissions ) {

        # Any module other than self_check counts as an extra permission.
        if ( $module ne 'self_check' ) {
            $has_other_permissions = 1;
            next MODULE;
        }

        # Within self_check only self_checkout_module is expected.
        while ( my ( $permission, $flag ) = each %$permissions ) {
            if ( $permission eq 'self_checkout_module' ) {
                $has_self_checkout_perm = 1;
            }
            else {
                $has_other_permissions = 1;
            }
        }
    }

    $template->param(
        AutoSelfCheckPatronDoesNotHaveSelfCheckPerm => !$has_self_checkout_perm,
        AutoSelfCheckPatronHasTooManyPerm           => $has_other_permissions,
    );
}
{
    # Look for ids present both in a live table and in its "deleted"/"old"
    # counterpart. Every statement is a constant string: no value is
    # interpolated into the SQL.
    my $dbh = C4::Context->dbh;

    # Template parameter name => query, run in this order.
    my @id_checks = (
        [ ai_patrons => q|select b.borrowernumber from borrowers b join deletedborrowers db on b.borrowernumber=db.borrowernumber| ],
        [ ai_biblios => q|select b.biblionumber from biblio b join deletedbiblio db on b.biblionumber=db.biblionumber| ],
        [ ai_items => q|select i.itemnumber from items i join deleteditems di on i.itemnumber=di.itemnumber| ],
        [ ai_checkouts => q|select i.issue_id from issues i join old_issues oi on i.issue_id=oi.issue_id| ],
        [ ai_holds => q|select r.reserve_id from reserves r join old_reserves o on r.reserve_id=o.reserve_id| ],
    );

    my ( @ai_params, @row_sets );
    for my $check (@id_checks) {
        my ( $param_name, $sql ) = @$check;
        my $rows = $dbh->selectall_arrayref( $sql, { Slice => {} } );
        push @row_sets,  $rows;
        push @ai_params, $param_name => $rows;
    }

    # Report all five result sets as soon as one of them is non-empty.
    if ( grep { scalar @$_ } @row_sets ) {
        $template->param(
            has_ai_issues => 1,
            @ai_params,
        );
    }
}
# Version strings come from C4::Context::get_versions(); the remaining values
# were computed earlier in this script.
my %versions = C4::Context::get_versions();

# One { perlinc => <dir> } row per @INC entry.
my @perl_inc_rows = map { +{ perlinc => $_ } } @INC;

# Flagged when no template_cache_dir is configured.
my $no_template_caching = C4::Context->config('template_cache_dir') ? 0 : 1;

# perlPath, perlIncPath and the version strings describe the server's
# software stack; they are shown to every user who passes the permission
# check made at the top of this script.
$template->param(
    kohaVersion   => $versions{'kohaVersion'},
    osVersion     => $versions{'osVersion'},
    perlVersion   => $versions{'perlVersion'},
    mysqlVersion  => $versions{'mysqlVersion'},
    apacheVersion => $versions{'apacheVersion'},
    zebraVersion  => $zebraVersion,
    perlPath      => $perl_path,
    perlIncPath   => \@perl_inc_rows,

    prefBiblioAddsAuthorities => $prefBiblioAddsAuthorities,
    prefAutoCreateAuthorities => $prefAutoCreateAuthorities,

    warnPrefBiblioAddsAuthorities => $warnPrefBiblioAddsAuthorities,
    warnPrefEasyAnalyticalRecords => $warnPrefEasyAnalyticalRecords,
    warnPrefAnonymousPatron       => $warnPrefAnonymousPatron,
    warnPrefAnonymousPatron_PatronDoesNotExist =>
      $warnPrefAnonymousPatron_PatronDoesNotExist,
    errZebraConnection        => $errZebraConnection,
    warnIsRootUser            => $warnIsRootUser,
    warnNoActiveCurrency      => $warnNoActiveCurrency,
    warnNoTemplateCaching     => $no_template_caching,
    xml_config_warnings       => \@xml_config_warnings,
    warnStatisticsFieldsError => $warnStatisticsFieldsError,
);
# Build one entry per Perl module known to C4::Installer::PerlModules,
# tagged as missing, needing an upgrade, or current.
my @components = ();

my $perl_modules = C4::Installer::PerlModules->new;
$perl_modules->versions_info;

my @pm_types = qw(missing_pm upgrade_pm current_pm);

for my $pm_type (@pm_types) {

    # Exactly one of the three flags is 1 for a given list.
    my %status_flag =
      map { $_ => ( $pm_type eq "${_}_pm" ? 1 : 0 ) } qw(missing upgrade current);

    my $modules = $perl_modules->get_attr($pm_type);
    for my $entry (@$modules) {

        # Each entry is read as a single module-name => stats pair.
        my ( $module, $stats ) = each %$entry;
        push @components,
          {
            name       => $module,
            version    => $stats->{'cur_ver'},
            %status_flag,
            require    => $stats->{'required'},
            reqversion => $stats->{'min_ver'},
          };
    }
}

# Alphabetical by module name.
@components = sort { $a->{'name'} cmp $b->{'name'} } @components;
# Lay the components out as table rows of four cells each.
my $counter = 0;
my $row     = [];
my $table   = [];
for my $component (@components) {
    push @$row, $component;

    # Every fourth component completes a row.
    if ( ++$counter % 4 == 0 ) {
        push @$table, { row => $row };
        $row = [];
    }
}

# Processing the last line (if there are any modules left)
if (@$row) {

    # Extending $row to the table size
    $row->[3] = '';

    # Pushing the last line
    push @$table, { row => $row };
}
## ## $table

$template->param( table => $table );
## ------------------------------------------
## Koha time line code

# Get the file location. The directory comes from the configuration, not
# from the request.
# If no <docdir> is defined in koha-conf.xml, use the default location;
# this is a work-around to stop breakage on upgraded Kohas, bug 8911.
my $docdir = C4::Context->config('docdir')
  // C4::Context->config('intranetdir') . '/docs';

# Three-argument open: the mode is kept apart from the file name.
if ( open( my $file, "<:encoding(UTF-8)", "$docdir/history.txt" ) ) {

    my @lines = <$file>;
    close($file);

    shift @lines;    # remove header row

    # Each line is tab-separated; the second and third fields are used as
    # date and description.
    my @timeline_entries;
    for my $line (@lines) {
        my ( $epoch, $date, $desc, $tag ) = split( /\t/, $line );

        # Without a description, split the date field at the first run of
        # whitespace that follows four digits: the text before it stays the
        # date and the text after it becomes the description.
        if ( !$desc && $date =~ /(?<=\d{4})\s+/ ) {
            ( $date, $desc ) =
              ( substr( $date, 0, $-[0] ), substr( $date, $+[0] ) );
        }

        push @timeline_entries, { date => $date, desc => $desc };
    }

    # The template expects one single-entry row per timeline item.
    my $table2 = [ map { +{ row2 => [$_] } } @timeline_entries ];

    $template->param( table2 => $table2 );
}
else {
    $template->param( timeline_read_error => 1 );
}
# Render the filled-in template and send it to the client, together with
# the $cookie value that get_template_and_user returned.
output_html_with_http_headers( $query, $cookie, $template->output );