Bug 25279: (QA follow-up) Use .escapeHtml
[koha.git] / members / files.pl
1 #!/usr/bin/perl
3 # Copyright 2012 ByWater Solutions
5 # This file is part of Koha.
7 # Koha is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
12 # Koha is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with Koha; if not, see <http://www.gnu.org/licenses>.
20 use Modern::Perl;
22 use CGI qw ( -utf8 );
24 use C4::Auth;
25 use C4::Output;
26 use C4::Members;
27 use C4::Debug;
29 use Koha::DateUtils;
30 use Koha::Patrons;
31 use Koha::Patron::Files;
32 use Koha::Patron::Categories;
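# Staff-interface controller for the files attached to a patron record.
# The 'op' CGI parameter selects the action: 'download' sends one stored
# file back to the browser, 'upload' stores a new file, 'delete' removes
# one. Any other value only renders the file list.
my $cgi = CGI->new;

# The request is made against the intranet with authnotrequired => 0 and
# the borrowers/edit_borrowers permission flag.
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
    {
        template_name   => "members/files.tt",
        query           => $cgi,
        type            => "intranet",
        authnotrequired => 0,
        flagsrequired   => { borrowers => 'edit_borrowers' },
        debug           => 1,
    }
);

$template->param( 'borrower_files' => 1 );

# Request-supplied patron id; every file operation below goes through an
# object bound to it.
my $borrowernumber = $cgi->param('borrowernumber');

my $logged_in_user = Koha::Patrons->find($loggedinuser);
my $patron         = Koha::Patrons->find($borrowernumber);

# NOTE(review): presumably this stops the request when $patron does not exist
# or the logged-in user may not see it; the helper is defined elsewhere, so
# confirm before relying on it as the access check for the operations below.
output_and_exit_if_error(
    $cgi, $cookie,
    $template,
    {
        module         => 'members',
        logged_in_user => $logged_in_user,
        current_patron => $patron,
    }
);

my $bf = Koha::Patron::Files->new( borrowernumber => $borrowernumber ); # FIXME Should be $patron->get_files. Koha::Patron::Files needs to be Koha::Objects based first

my $op = $cgi->param('op') || '';

if ( $op eq 'download' ) {
    my $file_id = $cgi->param('file_id');
    my $file    = $bf->GetFile( id => $file_id );

    if ($file) {

        # file_type and file_name were supplied by the uploading client and
        # are stored unverified. The attachment disposition is what keeps the
        # browser from rendering the content inline in the staff origin, so it
        # must stay. Fall back to a non-renderable type when none was stored,
        # because CGI would otherwise default to text/html.
        # NOTE(review): consider also sending X-Content-Type-Options: nosniff.
        print $cgi->header(
            -type       => $file->{'file_type'} || 'application/octet-stream',
            -charset    => 'utf-8',
            -attachment => $file->{'file_name'}
        );
        print $file->{'file_content'};
    }
    else {

        # An unknown file_id (or one GetFile does not return for this patron)
        # previously produced a header built from undefined values.
        print $cgi->header(
            -status  => '404 Not Found',
            -type    => 'text/plain',
            -charset => 'utf-8',
        );
        print 'File not found';
    }
}
else {
    $template->param( patron => $patron );

    my %errors;

    # NOTE(review): upload and delete change stored data, and no anti-CSRF
    # token is checked anywhere in this script. Confirm whether one is
    # enforced elsewhere; if not, add a check here and the matching token
    # field to the forms in the template.
    if ( $op eq 'upload' ) {
        my $uploaded_file = $cgi->upload('uploadfile');

        if ($uploaded_file) {

            # Both values come from the client's multipart request and are
            # stored as sent: treat them as untrusted and escape them wherever
            # they are displayed.
            my $filename = $cgi->param('uploadfile');
            my $mimetype = $cgi->uploadInfo($filename)->{'Content-Type'};

            $errors{'empty_upload'} = 1 if ( -z $uploaded_file );

            # Errors reach the template once, by reference, in the final
            # param() call. The earlier extra call flattened the hash into
            # the argument list ("errors => %errors"), which passed a
            # malformed key/value list.
            unless (%errors) {

                # Slurp the whole upload in one read instead of appending
                # line by line.
                my $file_content = do { local $/; <$uploaded_file> };

                $bf->AddFile(
                    name        => $filename,
                    type        => $mimetype,
                    content     => $file_content,
                    description => scalar $cgi->param('description'),
                );
            }
        }
        else {
            $errors{'no_file'} = 1;
        }
    }
    elsif ( $op eq 'delete' ) {

        # NOTE(review): file_id is request-supplied; verify that DelFile
        # restricts the deletion to files owned by $borrowernumber.
        $bf->DelFile( id => scalar $cgi->param('file_id') );
    }

    # Re-read the list after any change so the page shows the current state.
    $template->param(
        files => Koha::Patron::Files->new( borrowernumber => $borrowernumber )
          ->GetFilesInfo(),

        errors => \%errors,
    );

    output_html_with_http_headers $cgi, $cookie, $template->output;
}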
118 =head1 AUTHOR
120 Kyle M Hall <kyle@bywatersolutions.com>
122 =cut