Bug 14423: XSS issues in marc_subfields_structure
[koha.git] / offline_circ / enqueue_koc.pl
blob6798f3fb8daad961caeb4b051afe15f237e99701
1 #!/usr/bin/perl
3 # 2008 Kyle Hall <kyle.m.hall@gmail.com>
5 # This file is part of Koha.
7 # Koha is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
12 # Koha is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with Koha; if not, see <http://www.gnu.org/licenses>.
21 use strict;
22 use warnings;
24 use CGI qw ( -utf8 );
25 use C4::Output;
26 use C4::Auth;
27 use C4::Koha;
28 use C4::Context;
29 use C4::Biblio;
30 use C4::Accounts;
31 use C4::Circulation;
32 use C4::Items;
33 use C4::Members;
34 use C4::Stats;
35 use C4::UploadedFile;
37 use Date::Calc qw( Add_Delta_Days Date_to_Days );
39 use constant DEBUG => 0;
41 # this is the file version number that we're coded against.
42 my $FILE_VERSION = '1.0';
44 my $query = CGI->new;
45 my @output;
47 my ($template, $loggedinuser, $cookie) = get_template_and_user({
48 template_name => "offline_circ/enqueue_koc.tt",
49 query => $query,
50 type => "intranet",
51 authnotrequired => 0,
52 flagsrequired => { circulate => "circulate_remaining_permissions" },
53 });
56 my $fileID=$query->param('uploadedfileid');
57 my %cookies = parse CGI::Cookie($cookie);
58 my $sessionID = $cookies{'CGISESSID'}->value;
59 ## 'Local' globals.
60 our $dbh = C4::Context->dbh();
62 if ($fileID) {
63 my $uploaded_file = C4::UploadedFile->fetch($sessionID, $fileID);
64 my $fh = $uploaded_file->fh();
65 my @input_lines = <$fh>;
67 my $header_line = shift @input_lines;
68 my $file_info = parse_header_line($header_line);
69 if ($file_info->{'Version'} ne $FILE_VERSION) {
70 push @output, {
71 message => 1,
72 ERROR_file_version => 1,
73 upload_version => $file_info->{'Version'},
74 current_version => $FILE_VERSION
78 my $userid = C4::Context->userenv->{id};
79 my $branchcode = C4::Context->userenv->{branch};
81 foreach my $line (@input_lines) {
82 my $command_line = parse_command_line($line);
83 my $timestamp = $command_line->{'date'} . ' ' . $command_line->{'time'};
84 my $action = $command_line->{'command'};
85 my $barcode = $command_line->{'barcode'};
86 my $cardnumber = $command_line->{'cardnumber'};
87 my $amount = $command_line->{'amount'};
89 AddOfflineOperation( $userid, $branchcode, $timestamp, $action, $barcode, $cardnumber, $amount );
94 $template->param( messages => \@output );
96 output_html_with_http_headers $query, $cookie, $template->output;
98 =head1 FUNCTIONS
100 =head2 parse_header_line
102 parses the header line from a .koc file. This is the line that
103 specifies things such as the file version, and the name and version of
104 the offline circulation tool that generated the file. See
105 L<http://wiki.koha-community.org/wiki/Koha_offline_circulation_file_format>
106 for more information.
108 pass in a string containing the header line (the first line from th
109 file).
111 returns a hashref containing the information from the header.
113 =cut
115 sub parse_header_line {
116 my $header_line = shift;
117 chomp($header_line);
118 $header_line =~ s/\r//g;
120 my @fields = split( /\t/, $header_line );
121 my %header_info = map { split( /=/, $_ ) } @fields;
122 return \%header_info;
125 =head2 parse_command_line
127 =cut
129 sub parse_command_line {
130 my $command_line = shift;
131 chomp($command_line);
132 $command_line =~ s/\r//g;
134 my ( $timestamp, $command, @args ) = split( /\t/, $command_line );
135 my ( $date, $time, $id ) = split( /\s/, $timestamp );
137 my %command = (
138 date => $date,
139 time => $time,
140 id => $id,
141 command => $command,
144 # set the rest of the keys using a hash slice
145 my $argument_names = arguments_for_command($command);
146 @command{@$argument_names} = @args;
148 return \%command;
152 =head2 arguments_for_command
154 fetches the names of the columns (and function arguments) found in the
155 .koc file for a particular command name. For instance, the C<issue>
156 command requires a C<cardnumber> and C<barcode>. In that case this
157 function returns a reference to the list C<qw( cardnumber barcode )>.
159 parameters: the command name
161 returns: listref of column names.
163 =cut
165 sub arguments_for_command {
166 my $command = shift;
168 # define the fields for this version of the file.
169 my %format = (
170 issue => [qw( cardnumber barcode )],
171 return => [qw( barcode )],
172 payment => [qw( cardnumber amount )],
175 return $format{$command};
178 =head2 _get_borrowernumber_from_barcode
180 pass in a barcode
181 get back the borrowernumber of the patron who has it checked out.
182 undef if that can't be found
184 =cut
186 sub _get_borrowernumber_from_barcode {
187 my $barcode = shift;
189 return unless $barcode;
191 my $item = GetBiblioFromItemNumber( undef, $barcode );
192 return unless $item->{'itemnumber'};
194 my $issue = C4::Circulation::GetItemIssue( $item->{'itemnumber'} );
195 return unless $issue->{'borrowernumber'};
196 return $issue->{'borrowernumber'};