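#!/usr/bin/perl

# This script lets the users change their privacy rules
#
# copyright 2009, BibLibre, paul.poulain@biblibre.com
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.

use strict;
use warnings;
use CGI qw ( -utf8 );

use C4::Auth;    # checkauth, getborrowernumber.
use C4::Context;
use C4::Circulation;
use C4::Members;
use C4::Output;
use Koha::Patrons;

# Direct method call rather than the indirect-object form "new CGI".
my $query = CGI->new;

# If OPACPrivacy is disabled, leave immediately.
if (   !C4::Context->preference('OPACPrivacy')
    || !C4::Context->preference('opacreadinghistory') )
{
    print $query->redirect("/cgi-bin/koha/errors/404.pl");
    exit;
}

# Login is required (authnotrequired => 0), so $borrowernumber is the
# authenticated patron's number, not a request-supplied value.
my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
    {
        template_name   => "opac-privacy.tt",
        query           => $query,
        type            => "opac",
        authnotrequired => 0,
        debug           => 1,
    }
);

# Request parameters. $op is defaulted to '' so the string comparisons
# below do not warn when the parameter is absent.
my $op = $query->param("op");
$op = '' unless defined $op;
my $privacy                     = $query->param("privacy");
my $privacy_guarantor_checkouts = $query->param("privacy_guarantor_checkouts");

if ( $op eq "update_privacy" ) {

    # NOTE(review): $privacy and $privacy_guarantor_checkouts are handed to
    # ModMember without validation here; the storage layer is relied on to
    # bind them as parameters and reject out-of-range values — confirm.
    ModMember(
        borrowernumber              => $borrowernumber,
        privacy                     => $privacy,
        privacy_guarantor_checkouts => $privacy_guarantor_checkouts,
    );
    $template->param( 'privacy_updated' => 1 );
}
elsif ( $op eq "delete_record" ) {

    # Delete all reading records for items returned. The hard-coded date,
    # ridiculously far in the future, selects every returned issue.
    my ( $rows, $err_history_not_deleted ) =
      AnonymiseIssueHistory( '2999-12-12', $borrowernumber );

    # Confirm to the user whether the deletion has been done.
    if ( !$err_history_not_deleted ) {
        $template->param( 'deleted' => 1 );
    }
    else {
        $template->param( 'err_history_not_deleted' => 1 );
    }
}

# Get borrower privacy for display. A missing patron row would otherwise
# die on the method calls below; send the user to the 404 page instead,
# as the preference check above does.
my $borrower = Koha::Patrons->find($borrowernumber);
if ( !$borrower ) {
    print $query->redirect("/cgi-bin/koha/errors/404.pl");
    exit;
}

$template->param(
    'Ask_data'                       => 1,
    'privacy' . $borrower->privacy() => 1,
    'privacyview'                    => 1,
    'borrower'                       => $borrower,
    'surname'                        => $borrower->surname,
    'firstname'                      => $borrower->firstname,
);

output_html_with_http_headers $query, $cookie, $template->output, undef,
  { force_no_caching => 1 };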