Bug 12721 - Prevent software error if incorrect fieldnames given in sypref Statistics...
[koha.git] / edithelp.pl
blobb4e75c9b3e88373411c4dd8f463ddf4702d69144
1 #!/usr/bin/perl
3 # Copyright 2007 Liblime Ltd
5 # This file is part of Koha.
7 # Koha is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
12 # Koha is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with Koha; if not, see <http://www.gnu.org/licenses>.
20 use Modern::Perl;
21 use C4::Output;
22 use C4::Templates;
23 use C4::Auth;
24 use CGI qw ( -utf8 );
26 use vars qw($debug);
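# Debug tracing is switched on from the environment before the rest of the
# script runs.
BEGIN {
    $debug = $ENV{DEBUG} || 0;
}

# Request object. Declared with 'our' because _get_filepath() reads it too.
# Direct method call instead of the indirect-object form 'new CGI'.
our $input = CGI->new;

# Everything read here comes straight from the HTTP request and is untrusted:
#   type    - requested action; compared further down against 'addnew',
#             'create', 'save' and 'modify'
#   referer - decides which help template file is read or overwritten
#   help    - text that is written into that template file
my $type       = $input->param('type')    || '';
my $referer    = $input->param('referer') || '';
my $oldreferer = $referer;    # copy that is sent back in the redirect after a save
my $help       = $input->param('help')    || '';

# strip any DOS-newlines that TinyMCE may have sneaked in
$help =~ s/\r//g;
my $error;

# Authenticate the staff user and load the editor template.
# NOTE(review): this script overwrites template files on disk; whether
# get_template_and_user() requires all of the flags below or any one of them
# is not visible here -- confirm it matches who is meant to edit help pages.
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
    {
        template_name   => "help/edithelp.tt",
        query           => $input,
        type            => "intranet",
        authnotrequired => 0,
        flagsrequired   => {
            catalogue        => 1,
            circulate        => 1,
            parameters       => 1,
            borrowers        => 1,
            permissions      => 1,
            reserveforothers => 1,
            borrow           => 1,
            reserveforself   => 1,
            editcatalogue    => 1,
            updatecharges    => 1,
        },
        debug => 1,
    }
);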
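# Map a referer URL to the on-disk help template that belongs to it.
#
# $referer is request-supplied text. Only the part between "koha/" and the
# last ".pl" is used, and every character outside [0-9a-zA-Z_-/] is removed
# from it, so "." (and with it any ".." path segment) never reaches the path.
# The optional second argument allowed by the prototype is not read here.
#
# Returns "$htdocs/$theme/$lang/modules/help/<name>.tt"; <name> is empty when
# the referer holds no "koha/<name>.pl" part.
#
# NOTE(review): $theme and $lang come from C4::Templates::themelanguage(),
# which is handed the request object. What it can return is not visible
# here -- confirm those values are constrained before treating the result as
# confined to the help directory.
sub _get_filepath ($;$) {
    my $referer = shift;

    # Capture in list context: a failed match then gives an empty name rather
    # than whatever $1 still held from an earlier, unrelated match.
    my ($file) = $referer =~ m{koha/(.*)\.pl};
    $file //= '';

    # Whitelist filter: letters, digits, "_", "-" and "/" survive.
    $file =~ s/[^0-9a-zA-Z_\-\/]*//g;

    my $from   = "help/$file.tt";
    my $htdocs = C4::Context->config('intrahtdocs');
    my ( $theme, $lang ) =
      C4::Templates::themelanguage( $htdocs, $from, "intranet", $input );

    my $path = "$htdocs/$theme/$lang/modules/$from";
    $debug and print STDERR "help filepath: $path";
    return $path;
}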
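# Dispatch on the requested action.
#   addnew / create / save - write the submitted help text to the template file
#   modify                 - load the current file content into the editor
$type = 'create' if $type eq 'addnew';
if ( $type eq 'create' || $type eq 'save' ) {
    my $file = _get_filepath($referer);

    # NOTE(review): nothing in this script checks an anti-CSRF token before
    # the file is overwritten -- confirm that get_template_and_user() or the
    # submitting form covers that.
    #
    # Test the result of open() itself: "open my $fh" leaves $fh set to a
    # glob reference even when the open fails, so checking $fh afterwards
    # never reaches the error branch.
    if ( open my $fh, ">:encoding(utf-8)", $file ) {

        # $help is request text and is written into the template unfiltered.
        # NOTE(review): the file carries [% INCLUDE %] directives, so
        # presumably any [% ... %] inside $help is evaluated when the help
        # page is rendered -- confirm the required permissions are meant to
        # allow that.
        my $written = print {$fh}
          " [% INCLUDE 'help-top.inc' %]\n",
          $type eq 'create' ? "<div class=\"main\">\n$help\n</div>" : $help,
          "\n[% INCLUDE 'help-bottom.inc' %]\n";

        # Buffered write errors only surface at close, so check both.
        my $closed = close $fh;

        if ( $written && $closed ) {

            # The referer is request text: URL-escape it so that "&", "#",
            # "?" or whitespace in it cannot alter the redirect target's
            # query string.
            print $input->redirect(
                "/cgi-bin/koha/help.pl?url=" . CGI::escape($oldreferer) );
        }
        else {
            $error = "Cannot write file: '$file'";
        }
    }
    else {
        $error = "Cannot write file: '$file'";
    }
}
elsif ( $type eq 'modify' ) {

    # open file load data, kill include calls, pass data to the template
    # (the second argument is accepted by _get_filepath's prototype, but the
    # sub as written in this file does not read it)
    my $file = _get_filepath( $referer, 1 );
    if ( !-r $file ) {
        $error = "Cannot read file: '$file'.";
    }
    else {
        ( -w $file )
          or $error =
"WARNING: You will not be able to save, because your webserver cannot write to '$file'. Contact your admin about help file permissions.";
        open( my $fh, '<:encoding(utf-8)', $file )
          or die "Cannot read file '$file'";   # unlikely death, since we just checked

        # On a line holding an INCLUDE directive keep only the text after the
        # directive; every other line is kept as it is.
        my $help = '';
        while ( my $line = <$fh> ) {
            $help .= $line =~ /\[% INCLUDE .* %\](.*)$/ ? $1 : $line;
        }
        close $fh;
        $template->param( 'help' => $help );

        # The form rendered now submits back as a save.
        $type = 'save';
    }
}

$template->param(
    'referer' => $referer,
    'type'    => $type,
);
($error) and $template->param( 'error' => $error );
output_html_with_http_headers $input, "", $template->output;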