Bug 25898: Prohibit indirect object notation
[koha.git] / opac / opac-sendshelf.pl
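#!/usr/bin/perl

# Copyright 2009 SARL Biblibre
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.

use Modern::Perl;

use CGI qw ( -utf8 );
use Encode qw( encode );
use Carp;
use Try::Tiny;

use C4::Auth;
use C4::Biblio;
use C4::Items;
use C4::Output;
use C4::Members;
use Koha::Email;
use Koha::Patrons;
use Koha::Virtualshelves;

# OPAC endpoint that e-mails the contents of a list (virtual shelf).
#
# Request parameters read here: shelfid, email, comment.
#   - without 'email': renders the form template (opac-sendshelfform.tt);
#   - with 'email':    renders opac-sendshelf.tt, splits its output into
#                      subject / header / body, attaches the records as
#                      list.iso2709 and sends the message.
#
# NOTE(review): no anti-CSRF token is checked anywhere in this script before
# the message is sent. Sending mail is a state-changing action driven only by
# request parameters, so confirm whether a token check happens elsewhere in
# the request path; if not, one belongs in front of the send branch.

my $query = CGI->new;

# if virtualshelves is disabled, leave immediately
if ( ! C4::Context->preference('virtualshelves') ) {
    print $query->redirect("/cgi-bin/koha/errors/404.pl");
    exit;
}

my ( $template, $borrowernumber, $cookie ) = get_template_and_user (
    {
        template_name   => "opac-sendshelfform.tt",
        query           => $query,
        type            => "opac",
    }
);

# Both values come straight from the request. Nothing in this script validates
# the recipient address or limits how often a patron can send.
# NOTE(review): presumably Koha::Email->create rejects malformed addresses --
# confirm, and consider rate limiting so the endpoint cannot be used for bulk
# mail to arbitrary recipients.
my $shelfid = $query->param('shelfid');
my $email   = $query->param('email');

# Not referenced again in this script; kept in case the call is relied on for
# its side effect -- TODO confirm and remove if it is not.
my $dbh = C4::Context->dbh;

# Authorisation gate: the list must exist and be viewable by the requesting
# borrower. Everything below works on this same, already-checked $shelf object.
my $shelf = Koha::Virtualshelves->find( $shelfid );
if ( $shelf and $shelf->can_be_viewed( $borrowernumber ) ) {

    if ( $email ) {
        my $comment = $query->param('comment');

        # Second template: the mail itself. This call shadows the outer
        # $borrowernumber and $cookie, and the response at the end of this
        # branch is sent with the inner $cookie.
        # NOTE(review): authnotrequired => 1 is passed here although the view
        # check above used the outer $borrowernumber; confirm the two values
        # cannot differ.
        my ( $template2, $borrowernumber, $cookie ) = get_template_and_user(
            {
                template_name   => "opac-sendshelf.tt",
                query           => $query,
                type            => "opac",
                authnotrequired => 1,
            }
        );

        # $patron may be undefined; every use below either guards for that or
        # sits inside the try block.
        my $patron = Koha::Patrons->find( $borrowernumber );
        my $borcat = $patron ? $patron->categorycode : q{};

        my $contents    = $shelf->get_contents;
        my $marcflavour = C4::Context->preference('marcflavour');
        my $iso2709;
        my @results;

        # Collect display data and the raw MARC for every record on the list.
        # Records for which GetMarcBiblio returns nothing are skipped.
        while ( my $content = $contents->next ) {
            my $biblionumber = $content->biblionumber;
            my $record       = GetMarcBiblio({
                biblionumber => $biblionumber,
                embed_items  => 1,
                opac         => 1,
                borcat       => $borcat });
            next unless $record;
            my $fw  = GetFrameworkCode($biblionumber);
            my $dat = GetBiblioData($biblionumber);

            my $marcauthorsarray = GetMarcAuthors( $record, $marcflavour );
            my $marcsubjctsarray = GetMarcSubjects( $record, $marcflavour );

            my @items = GetItemsInfo( $biblionumber );

            $dat->{ISBN}           = GetMarcISBN($record, $marcflavour);
            $dat->{MARCSUBJCTS}    = $marcsubjctsarray;
            $dat->{MARCAUTHORS}    = $marcauthorsarray;
            $dat->{'biblionumber'} = $biblionumber;
            $dat->{ITEM_RESULTS}   = \@items;
            $dat->{HASAUTHORS}     = $dat->{'author'} || @$marcauthorsarray;

            $iso2709 .= $record->as_usmarc();

            push( @results, $dat );
        }

        # Guard the name lookups the same way $borcat is guarded above, so an
        # undefined patron does not abort the request here; in that case the
        # send still fails inside the try block below and is reported through
        # the template's error flag.
        $template2->param(
            BIBLIO_RESULTS => \@results,
            comment        => $comment,
            shelfname      => $shelf->shelfname,
            firstname      => $patron ? $patron->firstname : q{},
            surname        => $patron ? $patron->surname   : q{},
        );

        # Getting template result
        my $template_res = $template2->output();
        my $body         = q{};    # stays empty when no <MESSAGE> block is found

        # Analysing information and getting mail properties
        #
        # The rendered output carries the patron-supplied comment and is then
        # parsed for marker pairs. Each (.*) is greedy and runs with /s, so it
        # spans up to the LAST matching closing marker in the output.
        # NOTE(review): this assumes the template escapes the comment so that
        # it can never contain marker text itself -- TODO confirm against
        # opac-sendshelf.tt.
        my $subject;
        if ( $template_res =~ /<SUBJECT>(?<subject>.*)<END_SUBJECT>/s ) {
            $subject = $+{subject};
            # Removes only the newline directly before and after the first
            # line; any later newlines stay in the value.
            # NOTE(review): presumably Koha::Email encodes the subject so that
            # remaining newlines cannot end up in the header block -- confirm.
            $subject =~ s|\n?(.*)\n?|$1|;
        }
        else {
            $subject = "no subject";
        }

        my $email_header = "";
        if ( $template_res =~ /<HEADER>(.*)<END_HEADER>/s ) {
            $email_header = $1;
            $email_header =~ s|\n?(.*)\n?|$1|;
        }

        if ( $template_res =~ /<MESSAGE>(.*)<END_MESSAGE>/s ) {
            $body = $1;
            $body =~ s|\n?(.*)\n?|$1|;
        }

        my $THE_body = <<END_OF_BODY;
$email_header
$body
END_OF_BODY

        try {
            # The inner "my $email" only comes into scope after this
            # statement, so "to => $email" is still the request parameter.
            my $email = Koha::Email->create(
                {
                    to      => $email,
                    subject => $subject,
                }
            );
            $email->text_body( $THE_body );
            $email->attach(
                Encode::encode( "UTF-8", $iso2709 ),
                content_type => 'application/octet-stream',
                name         => 'list.iso2709',
                disposition  => 'attachment',
            );
            # Dies when $patron is undefined; the catch block turns that into
            # the template's error flag instead of a sent message.
            my $library = $patron->library;
            $email->transport( $library->smtp_server->transport );
            $email->send_or_die;
            $template->param( SENT => "1" );
        }
        catch {
            carp "Error sending mail: $_";
            $template->param( error => 1 );
        };

        $template->param(
            shelfid => $shelfid,
            email   => $email,
        );
        output_html_with_http_headers $query, $cookie, $template->output, undef, { force_no_caching => 1 };

    }
    else {
        # No recipient yet: show the form.
        $template->param(
            shelfid => $shelfid,
            url     => "/cgi-bin/koha/opac-sendshelf.pl",
        );
        output_html_with_http_headers $query, $cookie, $template->output, undef, { force_no_caching => 1 };
    }

}
else {
    # Unknown list, or one the requesting borrower may not view: the same
    # "invalid list" response is given in both cases.
    $template->param(
        invalidlist => 1,
        url         => "/cgi-bin/koha/opac-sendshelf.pl",
    );
    output_html_with_http_headers $query, $cookie, $template->output, undef, { force_no_caching => 1 };
}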