Bug 17900: Fix possible SQL injection in patron cards template editing
[koha.git] / about.pl
1 #!/usr/bin/perl
3 # Copyright Pat Eyler 2003
4 # Copyright Biblibre 2006
5 # Parts Copyright Liblime 2008
6 # Parts Copyright Chris Nighswonger 2010
8 # This file is part of Koha.
10 # Koha is free software; you can redistribute it and/or modify it
11 # under the terms of the GNU General Public License as published by
12 # the Free Software Foundation; either version 3 of the License, or
13 # (at your option) any later version.
15 # Koha is distributed in the hope that it will be useful, but
16 # WITHOUT ANY WARRANTY; without even the implied warranty of
17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 # GNU General Public License for more details.
20 # You should have received a copy of the GNU General Public License
21 # along with Koha; if not, see <http://www.gnu.org/licenses>.
23 use Modern::Perl;
25 use CGI qw ( -utf8 );
26 use List::MoreUtils qw/ any /;
27 use LWP::Simple;
28 use XML::Simple;
29 use Config;
31 use C4::Output;
32 use C4::Auth;
33 use C4::Context;
34 use C4::Installer;
36 use Koha;
37 use Koha::Acquisition::Currencies;
38 use Koha::Patrons;
39 use Koha::Caches;
40 use Koha::Config::SysPrefs;
41 use C4::Members::Statistics;
43 #use Smart::Comments '####';
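# Set up the CGI request and ask C4::Auth for the template and session.
# authnotrequired => 0 requests a logged-in session, and flagsrequired
# limits the page to accounts holding the "catalogue" permission.
# Everything this script renders further down (interpreter path, @INC,
# component versions, cache server list) is shown to any account that
# passes this check, so the permission should be granted with that in mind.
# CGI->new replaces the indirect-object form "new CGI"; the call is the same.
my $query = CGI->new;
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
    {
        template_name   => "about.tt",
        query           => $query,
        type            => "intranet",
        authnotrequired => 0,
        flagsrequired   => { catalogue => 1 },
        debug           => 1,
    }
);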
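# Path of the running interpreter.  $^X may lack the executable suffix on
# some platforms, so $Config{_exe} is appended when it is not already there.
# The suffix is wrapped in \Q...\E so it is compared literally; without the
# quoting a suffix such as ".exe" is read as a pattern and its dot matches
# any character.
my $perl_path = $^X;
if ( $^O ne 'VMS' ) {
    $perl_path .= $Config{_exe}
        unless $perl_path =~ m/\Q$Config{_exe}\E$/i;
}

# Version banner of the Zebra indexer.  The command line is a constant, so
# no request data reaches it.  The binary is looked up through the PATH of
# the web server process, so that PATH should list trusted directories only.
# The variable holds whatever the command prints and is undefined when the
# command cannot be started.
my $zebraVersion = qx{zebraidx -V};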
# Check running PSGI env: any environment key starting with "psgi." or
# "plack." (case-insensitive) marks the request as served through PSGI.
if ( any { m{ \A (?: psgi\. | plack\. ) }xi } keys %ENV ) {

    # Name the server from the first of PLACK_ENV / MOD_PERL that is set.
    my $psgi_server;
    if ( $ENV{PLACK_ENV} ) {
        $psgi_server = "Plack ($ENV{PLACK_ENV})";
    }
    elsif ( $ENV{MOD_PERL} ) {
        $psgi_server = "mod_perl ($ENV{MOD_PERL})";
    }
    else {
        $psgi_server = 'Unknown';
    }

    $template->param(
        is_psgi     => 1,
        psgi_server => $psgi_server,
    );
}
# Memcached configuration.
# The environment wins over koha-conf.xml for both values; the namespace
# falls back to 'koha' only when neither source yields a defined value.
my $memcached_servers =
    $ENV{MEMCACHED_SERVERS} || C4::Context->config('memcached_servers');
my $memcached_namespace =
    ( $ENV{MEMCACHED_NAMESPACE} || C4::Context->config('memcached_namespace') )
    // 'koha';

my $cache = Koha::Caches->get_instance;

# Class name of the backend object the cache layer is actually using.
my $effective_caching_method = ref( $cache->cache );

# Memcached may have been running when plack has been initialized but could have been stopped since
# FIXME What are the consequences of that??
# A throw-away key is written and the result of that write is reported.
my $is_memcached_still_active =
    $cache->set_in_cache( 'test_for_about_page', "just a simple value" );

# Report where the server list is configured: environment, koha-conf.xml,
# both, or neither.
my $servers_in_env  = $ENV{MEMCACHED_SERVERS};
my $servers_in_conf = C4::Context->config('memcached_servers');
my $where_is_memcached_config =
      ( $servers_in_env && $servers_in_conf ) ? 'both'
    : $servers_in_env                         ? 'ENV_only'
    : $servers_in_conf                        ? 'config_only'
    :                                           'nowhere';

# The cache server list and namespace are internal topology details; they
# are rendered for every account that passes the permission check at the
# top of this script.
$template->param(
    effective_caching_method  => $effective_caching_method,
    memcached_servers         => $memcached_servers,
    memcached_namespace       => $memcached_namespace,
    is_memcached_still_active => $is_memcached_still_active,
    where_is_memcached_config => $where_is_memcached_config,
    memcached_running         => Koha::Caches->get_instance->memcached_cache,
);
# Additional system information for warnings

# StatisticsFields: keep the configured value for the warning when it
# differs from what C4::Members::Statistics->get_fields() returns.
my $prefStatisticsFields = C4::Context->preference('StatisticsFields');
my $warnStatisticsFieldsError;
if (   $prefStatisticsFields
    && $prefStatisticsFields ne C4::Members::Statistics->get_fields() )
{
    $warnStatisticsFieldsError = $prefStatisticsFields;
}

# AutoCreateAuthorities is enabled while BiblioAddsAuthorities is not.
my $prefAutoCreateAuthorities = C4::Context->preference('AutoCreateAuthorities');
my $prefBiblioAddsAuthorities = C4::Context->preference('BiblioAddsAuthorities');
my $warnPrefBiblioAddsAuthorities =
    $prefAutoCreateAuthorities && !$prefBiblioAddsAuthorities;

# EasyAnalyticalRecords and UseControlNumber are both enabled.
my $prefEasyAnalyticalRecords = C4::Context->preference('EasyAnalyticalRecords');
my $prefUseControlNumber      = C4::Context->preference('UseControlNumber');
my $warnPrefEasyAnalyticalRecords =
    $prefEasyAnalyticalRecords && $prefUseControlNumber;

# OPACPrivacy is enabled but no AnonymousPatron is configured.
my $warnPrefAnonymousPatron = C4::Context->preference('OPACPrivacy')
    && !C4::Context->preference('AnonymousPatron');

# The configured AnonymousPatron cannot be found although some patrons
# have privacy = 2; the value is then the number of such patrons.
my $anonymous_patron =
    Koha::Patrons->find( C4::Context->preference('AnonymousPatron') );
my $warnPrefAnonymousPatron_PatronDoesNotExist = !$anonymous_patron
    && Koha::Patrons->search( { privacy => 2 } )->count;

# Error code of the Zebra connection to the bibliographic server.
my $errZebraConnection = C4::Context->Zconn( "biblioserver", 0 )->errcode();

# True when get_template_and_user returned no user value.
# NOTE(review): presumably this is the database administrator login - confirm.
my $warnIsRootUser = !$loggedinuser;

# No active currency is defined.
my $warnNoActiveCurrency = !defined Koha::Acquisition::Currencies->get_active;
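# Warnings about koha-conf.xml entries, collected for the template.
my @xml_config_warnings;

my $context = C4::Context->new;

# Zebra bibliographic index mode.
# The mode and the configured Zebra config file are read once.  The mode is
# only compared with eq after it is known to be defined, which avoids the
# "uninitialized value" warnings the comparisons raised when the entry was
# missing.  The dot in the file name is escaped so it matches literally.
my $bib_index_mode = C4::Context->config('zebra_bib_index_mode');
my $bib_zebra_cfg  = $context->{'server'}->{'biblioserver'}->{'config'} // '';
my $bib_cfg_is_dom = $bib_zebra_cfg =~ /zebra-biblios-dom\.cfg/;

if ( !defined $bib_index_mode ) {

    # Entry missing: say so, and guess the mode from the config file name.
    push @xml_config_warnings, { error => 'zebra_bib_index_mode_warn' };
    push @xml_config_warnings, {
        error => $bib_cfg_is_dom
        ? 'zebra_bib_mode_seems_dom'
        : 'zebra_bib_mode_seems_grs1'
    };
}
else {
    push @xml_config_warnings, { error => 'zebra_bib_grs_warn' }
        if $bib_index_mode eq 'grs1';

    # Declared mode and config file disagree (the two cases exclude each other).
    my $mode_mismatch =
           ( $bib_index_mode eq 'dom'  && !$bib_cfg_is_dom )
        || ( $bib_index_mode eq 'grs1' && $bib_cfg_is_dom );
    push @xml_config_warnings, { error => 'zebra_bib_index_mode_mismatch_warn' }
        if $mode_mismatch;
}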
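# Zebra authority index mode.
# The mode and the configured Zebra config file are read once.  The mode is
# only compared with eq after it is known to be defined, which avoids the
# "uninitialized value" warnings the comparisons raised when the entry was
# missing.  The dot in the file name is escaped so it matches literally.
my $auth_index_mode = C4::Context->config('zebra_auth_index_mode');
my $auth_zebra_cfg  = $context->{'server'}->{'authorityserver'}->{'config'} // '';
my $auth_cfg_is_dom = $auth_zebra_cfg =~ /zebra-authorities-dom\.cfg/;

if ( !defined $auth_index_mode ) {

    # Entry missing: say so, and guess the mode from the config file name.
    push @xml_config_warnings, { error => 'zebra_auth_index_mode_warn' };
    push @xml_config_warnings, {
        error => $auth_cfg_is_dom
        ? 'zebra_auth_mode_seems_dom'
        : 'zebra_auth_mode_seems_grs1'
    };
}
else {
    push @xml_config_warnings, { error => 'zebra_auth_grs_warn' }
        if $auth_index_mode eq 'grs1';

    # Declared mode and config file disagree (the two cases exclude each other).
    my $mode_mismatch =
           ( $auth_index_mode eq 'dom'  && !$auth_cfg_is_dom )
        || ( $auth_index_mode eq 'grs1' && $auth_cfg_is_dom );
    push @xml_config_warnings, { error => 'zebra_auth_index_mode_mismatch_warn' }
        if $mode_mismatch;
}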
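# Missing log4perl_conf entry in koha-conf.xml.
if ( !defined C4::Context->config('log4perl_conf') ) {
    push @xml_config_warnings, { error => 'log4perl_entry_missing' };
}

# Missing upload_path entry; the warning also says whether OPACBaseURL is set.
if ( !defined C4::Context->config('upload_path') ) {

    # The result of find() is checked before ->value is called on it.  With
    # no OPACBaseURL row this diagnostic page would otherwise die instead of
    # reporting the problem; a missing row is treated like an empty value.
    my $opac_base_url_pref = Koha::Config::SysPrefs->find('OPACBaseURL');
    my $opac_base_url_set =
        $opac_base_url_pref && $opac_base_url_pref->value;

    push @xml_config_warnings, {
        error => $opac_base_url_set
        ? 'uploadpath_entry_missing'
        : 'uploadpath_and_opacbaseurl_entry_missing'
    };
}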
# Test QueryParser configuration sanity
if ( C4::Context->preference('UseQueryParser') ) {

    # Configured file name, and the path reported when none is configured
    my $queryparser_file = C4::Context->config('queryparser_config');
    my $queryparser_fallback_file = '/etc/koha/searchengine/queryparser.yaml';

    # The parser counts as functional only when it is a PQF driver object
    my $QParser   = C4::Context->queryparser();
    my $parser_ok = defined $QParser
        && ref($QParser) eq 'Koha::QueryParser::Driver::PQF';

    if ( !$parser_ok ) {

        # Initialisation failed: tell the template which queryparser.yaml
        # path applies and whether that path is the fallback.
        my $queryparser_error = {
            fallback => defined $queryparser_file ? 0 : 1,
            file     => $queryparser_file // $queryparser_fallback_file,
        };
        $template->param( QueryParserError => $queryparser_error );
    }
    elsif ( !defined $queryparser_file ) {

        # Parser works, but koha-conf.xml has no queryparser_config entry:
        # a warning rather than an error.
        push @xml_config_warnings, {
            error => 'queryparser_entry_missing',
            file  => $queryparser_fallback_file
        };
    }
}
# Test Zebra facets configuration
my $use_zebra_facets = C4::Context->config('use_zebra_facets');
if ( !defined $use_zebra_facets ) {
    push @xml_config_warnings, { error => 'use_zebra_facets_entry_missing' };
}
elsif ($use_zebra_facets) {

    # use_zebra_facets works with DOM: warn when an index mode is set and
    # it is anything other than 'dom'.
    my $facets_index_mode = C4::Context->config('zebra_bib_index_mode');
    if ( $facets_index_mode && $facets_index_mode ne 'dom' ) {
        push @xml_config_warnings, { error => 'use_zebra_facets_needs_dom' };
    }
}
# Sco Patron should not contain any other perms than circulate => self_checkout
# This is a least-privilege check on the account named in AutoSelfCheckID.
# It runs only when WebBasedSelfCheck and AutoSelfCheckAllowed are both on.
# Any permission beyond circulate/self_checkout is reported as too many.
# A missing self_checkout permission is reported separately.
if (    C4::Context->preference('WebBasedSelfCheck')
    and C4::Context->preference('AutoSelfCheckAllowed') )
{
    my $userid          = C4::Context->preference('AutoSelfCheckID');
    my $all_permissions = C4::Auth::get_user_subpermissions($userid);

    my $has_self_checkout_perm;
    my $has_other_permissions;

    MODULE:
    while ( my ( $module, $permissions ) = each %$all_permissions ) {

        # Any module other than circulate is already one permission too many
        if ( $module ne 'circulate' ) {
            $has_other_permissions = 1;
            next MODULE;
        }

        # Within circulate only self_checkout is expected
        while ( my ( $permission, $flag ) = each %$permissions ) {
            if ( $permission eq 'self_checkout' ) {
                $has_self_checkout_perm = 1;
            }
            else {
                $has_other_permissions = 1;
            }
        }
    }

    $template->param(
        AutoSelfCheckPatronDoesNotHaveSelfCheckPerm => !$has_self_checkout_perm,
        AutoSelfCheckPatronHasTooManyPerm           => $has_other_permissions,
    );
}
# Version strings and warning flags handed to the template.
# The version numbers, interpreter path and @INC entries are deployment
# detail; they are rendered for every account that passes the permission
# check at the top of this script.
my %versions = C4::Context::get_versions();

# One { perlinc => PATH } record per @INC entry
my @perl_inc_rows = map { +{ perlinc => $_ } } @INC;

# Template caching is reported as missing when template_cache_dir is unset
my $warn_no_template_caching =
    C4::Context->config('template_cache_dir') ? 0 : 1;

$template->param(

    # component versions
    kohaVersion   => $versions{'kohaVersion'},
    osVersion     => $versions{'osVersion'},
    perlPath      => $perl_path,
    perlVersion   => $versions{'perlVersion'},
    perlIncPath   => \@perl_inc_rows,
    mysqlVersion  => $versions{'mysqlVersion'},
    apacheVersion => $versions{'apacheVersion'},
    zebraVersion  => $zebraVersion,

    # system preference values and the warnings derived from them
    prefBiblioAddsAuthorities     => $prefBiblioAddsAuthorities,
    prefAutoCreateAuthorities     => $prefAutoCreateAuthorities,
    warnPrefBiblioAddsAuthorities => $warnPrefBiblioAddsAuthorities,
    warnPrefEasyAnalyticalRecords => $warnPrefEasyAnalyticalRecords,
    warnPrefAnonymousPatron       => $warnPrefAnonymousPatron,
    warnPrefAnonymousPatron_PatronDoesNotExist =>
        $warnPrefAnonymousPatron_PatronDoesNotExist,

    # runtime and configuration-file warnings
    errZebraConnection        => $errZebraConnection,
    warnIsRootUser            => $warnIsRootUser,
    warnNoActiveCurrency      => $warnNoActiveCurrency,
    warnNoTemplateCaching     => $warn_no_template_caching,
    xml_config_warnings       => \@xml_config_warnings,
    warnStatisticsFieldsError => $warnStatisticsFieldsError,
);
# Collect one record per Perl module known to the installer, tagged with the
# list it came from (missing, needs upgrade, current).
my @components = ();

my $perl_modules = C4::Installer::PerlModules->new;
$perl_modules->version_info;

my @pm_types = qw(missing_pm upgrade_pm current_pm);

for my $pm_type (@pm_types) {
    my $modules = $perl_modules->get_attr($pm_type);

    for my $entry (@$modules) {

        # Only the first pair that each() returns is used.
        # NOTE(review): this assumes each entry is a one-key hash
        # { Module::Name => \%stats } - confirm.
        my ( $module, $stats ) = each %$entry;

        my %component = (
            name       => $module,
            version    => $stats->{'cur_ver'},
            missing    => ( $pm_type eq 'missing_pm' ? 1 : 0 ),
            upgrade    => ( $pm_type eq 'upgrade_pm' ? 1 : 0 ),
            current    => ( $pm_type eq 'current_pm' ? 1 : 0 ),
            require    => $stats->{'required'},
            reqversion => $stats->{'min_ver'},
        );
        push @components, \%component;
    }
}

# Alphabetical by module name, whichever list the module came from
@components = sort { $a->{'name'} cmp $b->{'name'} } @components;
# Lay the components out as table rows of four cells each.
my $table   = [];
my @pending = @components;
while ( my @cells = splice @pending, 0, 4 ) {

    # Processing the last line (if there are any modules left):
    # a short row is extended to the table size by setting its 4th cell to ''
    $cells[3] = '' if @cells < 4;

    push @$table, { row => [@cells] };
}

## ## $table

$template->param( table => $table );
## ------------------------------------------
## Koha time line code

#get file location
# Use <docdir> from koha-conf.xml when it is defined.  Otherwise fall back to
# <intranetdir>/docs; this is a work-around to stop breakage on upgraded
# Kohas, bug 8911.  Both values come from the server configuration file, not
# from the request.
my $docdir = C4::Context->config('docdir')
    // ( C4::Context->config('intranetdir') . '/docs' );
# Read docs/history.txt and hand its entries to the template as table2.
# If the file cannot be opened the template gets timeline_read_error.
# The date and description strings are passed on exactly as read.
# NOTE(review): escaping them is presumably left to the template - confirm.
if ( open( my $file, "<:encoding(UTF-8)", "$docdir" . "/history.txt" ) ) {

    # Slurp the file, dropping the header row
    my ( undef, @lines ) = <$file>;
    close($file);

    my @rows2;
    for my $line (@lines) {

        # Columns are tab separated; only the first two are used
        my ( $date, $desc ) = split /\t/, $line;

        # No description column: split the line at the first run of
        # whitespace that follows four digits (the year) instead.
        if ( !$desc && $date =~ /(?<=\d{4})\s+/ ) {
            my $before_match = substr( $date, 0, $-[0] );
            my $after_match  = substr( $date, $+[0] );
            ( $date, $desc ) = ( $before_match, $after_match );
        }

        push @rows2, { date => $date, desc => $desc };
    }

    # Every entry becomes a table row holding a single cell
    my $table2 = [ map { +{ row2 => [$_] } } @rows2 ];

    $template->param( table2 => $table2 );
}
else {
    $template->param( timeline_read_error => 1 );
}
# Render the template and pass it, together with the cookie returned by
# get_template_and_user, to output_html_with_http_headers.
output_html_with_http_headers( $query, $cookie, $template->output );