Bug 20083: Information disclosure when (mis)using the MARC Preview feature
1 package C4::NewsChannels;
3 # This file is part of Koha.
5 # Copyright (C) 2000-2002 Katipo Communications
6 # Copyright (C) 2013 Mark Tompsett
8 # Koha is free software; you can redistribute it and/or modify it
9 # under the terms of the GNU General Public License as published by
10 # the Free Software Foundation; either version 3 of the License, or
11 # (at your option) any later version.
13 # Koha is distributed in the hope that it will be useful, but
14 # WITHOUT ANY WARRANTY; without even the implied warranty of
15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 # GNU General Public License for more details.
18 # You should have received a copy of the GNU General Public License
19 # along with Koha; if not, see <http://www.gnu.org/licenses>.
21 use Modern::Perl;
22 use C4::Context;
23 use Koha::DateUtils;
25 use vars qw(@ISA @EXPORT);
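BEGIN {
    # No "use Exporter" / "require Exporter" is visible in this file, and
    # naming a class in @ISA does not load it. Loading it here keeps the
    # import of the functions below from depending on some other module
    # having pulled Exporter in first.
    require Exporter;
    @ISA    = qw(Exporter);

    # Everything listed here is exported by default into the caller's
    # namespace, including the three functions that write to opac_news.
    @EXPORT = qw(
        &GetNewsToDisplay
        &add_opac_new &upd_opac_new &del_opac_new &get_opac_new &get_opac_news
    );
}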
35 =head1 NAME
37 C4::NewsChannels - Functions to manage OPAC and intranet news
39 =head1 DESCRIPTION
41 This module provides the functions needed to manage OPAC and intranet news.
43 =head1 FUNCTIONS
45 =cut
47 =head2 add_opac_new
49 $retval = add_opac_new($hashref);
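51 $hashref should contain all the fields found in opac_news,
52 except idnew. The idnew field is auto-generated. The hash keys are used as column names in the SQL statement, so callers must pass only known opac_news column names.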
54 =cut
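sub add_opac_new {
    # Insert one row into opac_news.
    #
    # $href_entry: hashref mapping column name => value.
    # Returns 1 once the INSERT has been executed, 0 when no hashref was
    # given or when a key is not a plain SQL identifier.
    my ($href_entry) = @_;
    return 0 unless $href_entry;

    # Take the keys once and read the values through a hash slice below, so
    # the column list and the bind values always line up.
    my @fields = keys %{$href_entry};

    # Values are bound with placeholders, but column names cannot be bound:
    # they are interpolated into the statement text. Refuse anything that is
    # not a bare identifier so a hash key can never alter the statement.
    # NOTE(review): callers are not visible here; if keys can come from
    # request parameters, an explicit list of allowed columns is stronger.
    for my $field_name (@fields) {
        if ( $field_name !~ /\A[A-Za-z_][A-Za-z0-9_]*\z/ ) {
            warn "add_opac_new: refusing a column name that is not a plain identifier\n";
            return 0;
        }
    }

    my $field_string  = join ',', @fields;
    my $values_string = join ',', ('?') x @fields;

    my $dbh = C4::Context->dbh;
    my $sth = $dbh->prepare("INSERT INTO opac_news ( $field_string ) VALUES ( $values_string )");
    $sth->execute( @{$href_entry}{@fields} );
    return 1;
}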
74 =head2 upd_opac_new
76 $retval = upd_opac_new($hashref);
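78 $hashref should contain all the fields found in opac_news,
79 including idnew, since it is the key for the SQL UPDATE. The other hash keys are used as column names in the SQL statement, so callers must pass only known opac_news column names.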
81 =cut
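sub upd_opac_new {
    # Update the opac_news row identified by $href_entry->{idnew}.
    #
    # $href_entry: hashref mapping column name => value; idnew selects the
    # row and is never written.
    # Returns 1 once the UPDATE has been executed, 0 when there is nothing
    # valid to run (no hashref, no idnew, no column to set, or a key that is
    # not a plain SQL identifier).
    my ($href_entry) = @_;
    return 0 unless $href_entry;

    # "idnew = NULL" never matches a row, so an entry without a key cannot
    # update anything.
    return 0 unless defined $href_entry->{idnew};

    # Every key except idnew becomes a "column = ?" assignment.
    my @fields = grep { $_ ne 'idnew' } keys %{$href_entry};

    # With no column left the statement would read "SET  WHERE ...", which
    # is not valid SQL.
    return 0 unless @fields;

    # Values are bound, column names are interpolated: accept bare
    # identifiers only so a hash key cannot change the statement.
    # NOTE(review): callers are not visible here; if keys can come from
    # request parameters, an explicit list of allowed columns is stronger.
    for my $field_name (@fields) {
        if ( $field_name !~ /\A[A-Za-z_][A-Za-z0-9_]*\z/ ) {
            warn "upd_opac_new: refusing a column name that is not a plain identifier\n";
            return 0;
        }
    }

    my $field_string = join ',', map { "$_ = ?" } @fields;

    # idnew goes last, matching the placeholder in the WHERE clause.
    my @values = ( @{$href_entry}{@fields}, $href_entry->{idnew} );

    my $dbh = C4::Context->dbh;
    my $sth = $dbh->prepare("UPDATE opac_news SET $field_string WHERE idnew = ?;");
    $sth->execute(@values);
    return 1;
}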
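sub del_opac_new {
    # Delete news entries by id.
    #
    # $ids: comma-separated list of idnew values, e.g. "3,5,8".
    # Returns 1 once the DELETE has been executed, 0 when $ids is empty or
    # contains anything other than non-negative integers.
    my ($ids) = @_;
    return 0 unless $ids;

    # The list used to be interpolated straight into "IN (...)", so any
    # text in $ids became part of the statement. Parse it instead, accept
    # integers only, and bind each one through its own placeholder.
    my @id_list;
    for my $token ( split /,/, $ids ) {
        if ( $token =~ /\A\s*([0-9]+)\s*\z/ ) {
            push @id_list, $1;
        }
        else {
            # Reject the whole request rather than deleting a subset the
            # caller did not clearly ask for.
            warn "del_opac_new: refusing an id list that is not made of integers\n";
            return 0;
        }
    }
    return 0 unless @id_list;

    my $placeholders = join ',', ('?') x @id_list;

    my $dbh = C4::Context->dbh;
    my $sth = $dbh->prepare("DELETE FROM opac_news WHERE idnew IN ($placeholders)");
    $sth->execute(@id_list);
    return 1;
}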
sub get_opac_new {
    # Fetch a single news entry, joined with its branch name, by idnew.
    # The id is bound through a placeholder, never interpolated.
    my ($idnew) = @_;

    my $sql = q{
        SELECT opac_news.*,branches.branchname
        FROM opac_news LEFT JOIN branches
            ON opac_news.branchcode=branches.branchcode
        WHERE opac_news.idnew = ?;
    };
    my $sth = C4::Context->dbh->prepare($sql);
    $sth->execute($idnew);

    my $news = $sth->fetchrow_hashref;

    # NOTE(review): when no row matches, $news is undef at this point and
    # the hash accesses below autovivify it, so the caller still receives
    # a hashref. Confirm that callers can tell a missing id apart.

    # Add a key named after the entry's language code, set to 1.
    if ( defined $news->{lang} ) {
        $news->{ $news->{lang} } = 1;
    }

    # Both dates are returned date-only, formatted by output_pref.
    if ( $news->{expirationdate} ) {
        $news->{expirationdate} = output_pref({ dt => dt_from_string( $news->{expirationdate} ), dateonly => 1 });
    }
    $news->{timestamp} = output_pref({ dt => dt_from_string( $news->{timestamp} ), dateonly => 1 });

    return $news;
}
sub get_opac_news {
    # List news entries, newest first, optionally filtered by language and
    # branch.
    #
    # Returns a two-element list: the number of matching rows, and an
    # arrayref holding at most $limit of them (all of them when $limit is
    # false).
    my ($limit, $lang, $branchcode) = @_;

    my $select = q{
        SELECT opac_news.*, branches.branchname,
               timestamp AS newdate,
               borrowers.title AS author_title,
               borrowers.firstname AS author_firstname,
               borrowers.surname AS author_surname
        FROM opac_news LEFT JOIN branches
            ON opac_news.branchcode=branches.branchcode
        LEFT JOIN borrowers on borrowers.borrowernumber = opac_news.borrowernumber
    };

    # Filters are appended as fixed text; the values themselves travel as
    # bind parameters.
    my ( @filters, @bind );
    if ($lang) {
        push @filters, " AND (opac_news.lang='' OR opac_news.lang=?)";
        push @bind, $lang;
    }
    if ($branchcode) {
        push @filters, ' AND (opac_news.branchcode IS NULL OR opac_news.branchcode=?)';
        push @bind, $branchcode;
    }
    my $sql = $select . ' WHERE 1' . join( q{}, @filters ) . ' ORDER BY timestamp DESC ';

    my $sth = C4::Context->dbh->prepare($sql);
    $sth->execute(@bind);

    # The limit is applied here rather than with SQL LIMIT: every row is
    # counted, but rows past $limit are not kept.
    my $total = 0;
    my @kept;
    while ( my $row = $sth->fetchrow_hashref ) {
        push @kept, $row if !$limit || $total < $limit;
        $total++;
    }

    return ( $total, \@kept );
}
182 =head2 GetNewsToDisplay
184 $news = &GetNewsToDisplay($lang,$branch);
185 C<$news> is a ref to an array which contains
186 all news with expirationdate > today or expirationdate is null
187 that is applicable for a given branch.
189 =cut
sub GetNewsToDisplay {
    # Return an arrayref of the news entries to show for a language and a
    # branch: not expired, not dated in the future, ordered by "number".
    # Each row also carries the author's title, first name and surname
    # from the borrowers table.
    my ($lang,$branch) = @_;

    # An undefined language is bound as the empty string.
    $lang //= q{};

    # Notes carried over from the original query:
    #  - the expirationdate field may not be in ISO format, hence the
    #    extra '00-00-0000' comparison;
    #  - timestamp carries HH:mm:ss while the current date is at 00:00:00,
    #    so comparing against "today + 1 day" is what includes today.
    my $sql = q{
        SELECT opac_news.*,timestamp AS newdate,
               borrowers.title AS author_title,
               borrowers.firstname AS author_firstname,
               borrowers.surname AS author_surname
        FROM opac_news
        LEFT JOIN borrowers on borrowers.borrowernumber = opac_news.borrowernumber
        WHERE (
            expirationdate >= CURRENT_DATE()
            OR expirationdate IS NULL
            OR expirationdate = '00-00-0000'
        )
        AND DATE(timestamp) < DATE_ADD(CURDATE(), INTERVAL 1 DAY)
        AND (opac_news.lang = '' OR opac_news.lang = ?)
        AND (opac_news.branchcode IS NULL OR opac_news.branchcode = ?)
        ORDER BY number
    };

    my $sth = C4::Context->dbh->prepare($sql);
    $sth->execute( $lang, $branch );

    my @news;
    while ( my $entry = $sth->fetchrow_hashref ) {
        # newdate is formatted in Perl, date-only, rather than in SQL.
        $entry->{newdate} = output_pref({ dt => dt_from_string( $entry->{newdate} ), dateonly => 1 });
        push @news, $entry;
    }

    return \@news;
}
226 __END__
228 =head1 AUTHOR
232 =cut