Bug 20083: Information disclosure when (mis)using the MARC Preview feature
[koha.git] / about.pl
1 #!/usr/bin/perl
3 # Copyright Pat Eyler 2003
4 # Copyright Biblibre 2006
5 # Parts Copyright Liblime 2008
6 # Parts Copyright Chris Nighswonger 2010
8 # This file is part of Koha.
10 # Koha is free software; you can redistribute it and/or modify it
11 # under the terms of the GNU General Public License as published by
12 # the Free Software Foundation; either version 3 of the License, or
13 # (at your option) any later version.
15 # Koha is distributed in the hope that it will be useful, but
16 # WITHOUT ANY WARRANTY; without even the implied warranty of
17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 # GNU General Public License for more details.
20 # You should have received a copy of the GNU General Public License
21 # along with Koha; if not, see <http://www.gnu.org/licenses>.
23 use Modern::Perl;
25 use CGI qw ( -utf8 );
26 use List::MoreUtils qw/ any /;
27 use LWP::Simple;
28 use XML::Simple;
29 use Config;
30 use Search::Elasticsearch;
31 use Try::Tiny;
33 use C4::Output;
34 use C4::Auth;
35 use C4::Context;
36 use C4::Installer;
38 use Koha;
39 use Koha::Acquisition::Currencies;
40 use Koha::Patron::Categories;
41 use Koha::Patrons;
42 use Koha::Caches;
43 use Koha::Config::SysPrefs;
44 use Koha::Illrequest::Config;
45 use Koha::SearchEngine::Elasticsearch;
47 use C4::Members::Statistics;
50 #use Smart::Comments '####';
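# Build the request object and authenticate the staff user. The call yields
# the template to fill, the logged-in user and the cookie that is handed to
# output_html_with_http_headers at the end of the script.
# Direct method call replaces the indirect-object form "new CGI".
my $query = CGI->new;
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
    {
        template_name   => "about.tt",
        query           => $query,
        type            => "intranet",
        authnotrequired => 0,

        # NOTE(review): this script hands the interpreter path, @INC,
        # component versions, memcached servers and Elasticsearch nodes to
        # the template. The only gate visible here is the "catalogue"
        # flag - confirm that every account holding it should see them.
        flagsrequired => { catalogue => 1 },
        debug         => 1,
    }
);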
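# Path of the running interpreter, with the platform's executable suffix
# appended when it is not already present (skipped on VMS).
my $perl_path = $^X;
if ( $^O ne 'VMS' ) {

    # \Q...\E makes the suffix match literally: a suffix such as ".exe"
    # would otherwise have its dot treated as "any character".
    $perl_path .= $Config{_exe}
        unless $perl_path =~ m/\Q$Config{_exe}\E$/i;
}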
# Version banner printed by "zebraidx -V". The command string is fixed, so no
# request data reaches it; the binary is located through the PATH this
# process inherited, and the result is undef when it cannot be started.
my $zebraVersion = qx{zebraidx -V};
# Check running PSGI env: any environment key starting with "psgi." or
# "plack." (case-insensitive) counts as running under PSGI.
my $runs_under_psgi = any { m/\A(?:psgi|plack)\./i } keys %ENV;
if ($runs_under_psgi) {

    # PLACK_ENV is looked at first, then MOD_PERL.
    my $server_label = 'Unknown';
    if ( $ENV{PLACK_ENV} ) {
        $server_label = "Plack ($ENV{PLACK_ENV})";
    }
    elsif ( $ENV{MOD_PERL} ) {
        $server_label = "mod_perl ($ENV{MOD_PERL})";
    }

    $template->param(
        is_psgi     => 1,
        psgi_server => $server_label,
    );
}
# Memcached configuration
# A true value in the environment wins over the koha-conf.xml entry; the
# namespace falls back to 'koha' when neither source yields a defined value.
my $memcached_servers =
    $ENV{MEMCACHED_SERVERS} || C4::Context->config('memcached_servers');
my $memcached_namespace =
    ( $ENV{MEMCACHED_NAMESPACE} || C4::Context->config('memcached_namespace') )
    // 'koha';

my $cache                    = Koha::Caches->get_instance;
my $effective_caching_method = ref( $cache->cache );

# Memcached may have been running when plack has been initialized but could have been stopped since
# FIXME What are the consequences of that??
# The probe below writes a throw-away key and keeps what the write returns.
my $is_memcached_still_active =
    $cache->set_in_cache( 'test_for_about_page', "just a simple value" );

# Report which source(s) define the server list.
my $where_is_memcached_config = do {
    my $in_env  = $ENV{MEMCACHED_SERVERS};
    my $in_conf = C4::Context->config('memcached_servers');

      $in_env && $in_conf ? 'both'
    : $in_env             ? 'ENV_only'
    : $in_conf            ? 'config_only'
    :                       'nowhere';
};

# NOTE(review): the server list is rendered on the page as configured.
$template->param(
    effective_caching_method  => $effective_caching_method,
    memcached_servers         => $memcached_servers,
    memcached_namespace       => $memcached_namespace,
    is_memcached_still_active => $is_memcached_still_active,
    where_is_memcached_config => $where_is_memcached_config,
    memcached_running         => Koha::Caches->get_instance->memcached_cache,
);
# Additional system information for warnings

# Holds the StatisticsFields preference when it is set and differs from what
# C4::Members::Statistics->get_fields() returns; undefined otherwise.
my $prefStatisticsFields = C4::Context->preference('StatisticsFields');
my $warnStatisticsFieldsError;
if (   $prefStatisticsFields
    && $prefStatisticsFields ne C4::Members::Statistics->get_fields() )
{
    $warnStatisticsFieldsError = $prefStatisticsFields;
}

# AutoCreateAuthorities is on while BiblioAddsAuthorities is off.
my $prefAutoCreateAuthorities = C4::Context->preference('AutoCreateAuthorities');
my $prefBiblioAddsAuthorities = C4::Context->preference('BiblioAddsAuthorities');
my $warnPrefBiblioAddsAuthorities =
    $prefAutoCreateAuthorities && !$prefBiblioAddsAuthorities;

# EasyAnalyticalRecords and UseControlNumber are both on.
my $prefEasyAnalyticalRecords = C4::Context->preference('EasyAnalyticalRecords');
my $prefUseControlNumber      = C4::Context->preference('UseControlNumber');
my $warnPrefEasyAnalyticalRecords =
    $prefEasyAnalyticalRecords && $prefUseControlNumber;

# OPACPrivacy is on but no AnonymousPatron is configured.
my $warnPrefAnonymousPatron = C4::Context->preference('OPACPrivacy')
    && !C4::Context->preference('AnonymousPatron');

# The configured anonymous patron cannot be found although at least one
# patron has privacy = 2.
my $anonymous_patron =
    Koha::Patrons->find( C4::Context->preference('AnonymousPatron') );
my $warnPrefAnonymousPatron_PatronDoesNotExist =
    !$anonymous_patron && Koha::Patrons->search( { privacy => 2 } )->count;

# Error code of the Zebra connection to the bibliographic server.
my $errZebraConnection = C4::Context->Zconn( "biblioserver", 0 )->errcode();

# True when get_template_and_user returned no logged-in user value.
my $warnIsRootUser = !$loggedinuser;

# True when no active currency is defined.
my $warnNoActiveCurrency = !defined Koha::Acquisition::Currencies->get_active;
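# Collect warnings about missing or inconsistent koha-conf.xml entries.
# Every warning is a hashref whose "error" key holds a fixed identifier.
#
# Changes against the previous version: the index modes are read once and
# tested with defined() before any string comparison, so a missing entry no
# longer produces "uninitialized value" warnings; the dot in the file-name
# patterns is escaped; C4::Context is instantiated with a direct method call;
# a missing OPACBaseURL preference row no longer aborts the page.
my @xml_config_warnings;

my $context = C4::Context->new;

# --- Zebra bibliographic index -------------------------------------------
my $bib_index_mode = C4::Context->config('zebra_bib_index_mode');
my $bib_config_is_dom =
    ( $context->{'server'}->{'biblioserver'}->{'config'} // '' )
    =~ /zebra-biblios-dom\.cfg/;

if ( !defined $bib_index_mode ) {
    push @xml_config_warnings, { error => 'zebra_bib_index_mode_warn' };

    # Guess the mode from the name of the server configuration file.
    push @xml_config_warnings,
        {
        error => $bib_config_is_dom
        ? 'zebra_bib_mode_seems_dom'
        : 'zebra_bib_mode_seems_grs1'
        };
}
elsif ( $bib_index_mode eq 'grs1' ) {
    push @xml_config_warnings, { error => 'zebra_bib_grs_warn' };
}

# Declared mode and configuration file disagree.
if (
    defined $bib_index_mode
    && (   ( $bib_index_mode eq 'dom' && !$bib_config_is_dom )
        || ( $bib_index_mode eq 'grs1' && $bib_config_is_dom ) )
    )
{
    push @xml_config_warnings,
        { error => 'zebra_bib_index_mode_mismatch_warn' };
}

# --- Zebra authority index -----------------------------------------------
my $auth_index_mode = C4::Context->config('zebra_auth_index_mode');
my $auth_config_is_dom =
    ( $context->{'server'}->{'authorityserver'}->{'config'} // '' )
    =~ /zebra-authorities-dom\.cfg/;

if ( !defined $auth_index_mode ) {
    push @xml_config_warnings, { error => 'zebra_auth_index_mode_warn' };
    push @xml_config_warnings,
        {
        error => $auth_config_is_dom
        ? 'zebra_auth_mode_seems_dom'
        : 'zebra_auth_mode_seems_grs1'
        };
}
elsif ( $auth_index_mode eq 'grs1' ) {
    push @xml_config_warnings, { error => 'zebra_auth_grs_warn' };
}

if (
    defined $auth_index_mode
    && (   ( $auth_index_mode eq 'dom' && !$auth_config_is_dom )
        || ( $auth_index_mode eq 'grs1' && $auth_config_is_dom ) )
    )
{
    push @xml_config_warnings,
        { error => 'zebra_auth_index_mode_mismatch_warn' };
}

# --- Other entries ---------------------------------------------------------
if ( !defined C4::Context->config('log4perl_conf') ) {
    push @xml_config_warnings, { error => 'log4perl_entry_missing' };
}

if ( !defined C4::Context->config('upload_path') ) {

    # A preference row that does not exist is treated like an empty value.
    my $opac_base_url_pref = Koha::Config::SysPrefs->find('OPACBaseURL');
    my $opac_base_url_is_set =
        $opac_base_url_pref && $opac_base_url_pref->value;

    push @xml_config_warnings,
        {
        error => $opac_base_url_is_set
        ? 'uploadpath_entry_missing'
        : 'uploadpath_and_opacbaseurl_entry_missing'
        };
}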
# Test QueryParser configuration sanity
if ( C4::Context->preference('UseQueryParser') ) {

    # Configured file name, and the path reported when no entry is configured
    my $queryparser_file          = C4::Context->config('queryparser_config');
    my $queryparser_fallback_file = '/etc/koha/searchengine/queryparser.yaml';
    my $has_config_entry          = defined $queryparser_file;

    # The parser counts as functional only when it is an instance of exactly
    # Koha::QueryParser::Driver::PQF.
    my $QParser          = C4::Context->queryparser();
    my $parser_is_usable = defined $QParser
        && ref($QParser) eq 'Koha::QueryParser::Driver::PQF';

    if ( !$parser_is_usable ) {

        # Initialisation failed: tell the template which yaml file was
        # involved and whether that is the fallback path.
        $template->param(
            QueryParserError => {
                fallback => $has_config_entry ? 0 : 1,
                file     => $has_config_entry
                ? $queryparser_file
                : $queryparser_fallback_file,
            }
        );
    }
    elsif ( !$has_config_entry ) {

        # Parser works, but koha-conf.xml has no queryparser_config entry:
        # a warning rather than an error.
        push @xml_config_warnings,
            {
            error => 'queryparser_entry_missing',
            file  => $queryparser_fallback_file
            };
    }
}
# Test Zebra facets configuration
my $zebra_facets_setting = C4::Context->config('use_zebra_facets');
if ( !defined $zebra_facets_setting ) {
    push @xml_config_warnings, { error => 'use_zebra_facets_entry_missing' };
}
elsif ($zebra_facets_setting) {

    # use_zebra_facets works with DOM: warn when an index mode is declared
    # and it is anything else.
    my $declared_mode = C4::Context->config('zebra_bib_index_mode');
    if ( $declared_mode && $declared_mode ne 'dom' ) {
        push @xml_config_warnings, { error => 'use_zebra_facets_needs_dom' };
    }
}
# ILL module checks
if ( C4::Context->preference('ILLModule') ) {
    my $ill_config_from_file = C4::Context->config("interlibrary_loans");
    my $ill_config           = Koha::Illrequest::Config->new;

    # Raised by any of the three checks below.
    my $warnILLConfiguration = 0;

    # Check backends: at least one must be available
    unless ( @{ $ill_config->available_backends } ) {
        $template->param( no_ill_backends => 1 );
        $warnILLConfiguration = 1;
    }

    # Check partner_code: it must name an existing patron category
    unless ( Koha::Patron::Categories->find( $ill_config->partner_code ) ) {
        $template->param(
            ill_partner_code_doesnt_exist => $ill_config->partner_code );
        $warnILLConfiguration = 1;
    }

    # partner code not defined in the interlibrary_loans section of the file
    unless ( $ill_config_from_file->{partner_code} ) {
        $template->param( ill_partner_code_not_defined => 1 );
        $warnILLConfiguration = 1;
    }

    $template->param( warnILLConfiguration => $warnILLConfiguration );
}
# Check ES configuration health and runtime status
if ( C4::Context->preference('SearchEngine') eq 'Elasticsearch' ) {

    my $es_status;
    my $es_config_error;
    my $es_running = 1;

    # Read the configuration. A missing entry is reported to the template.
    # NOTE(review): any other exception is dropped by this handler; $es_conf
    # then stays undefined and the checks below still run.
    my $es_conf;
    try {
        $es_conf = Koha::SearchEngine::Elasticsearch::_read_configuration();
    }
    catch {
        my $error = $_;
        if ( ref($error) eq 'Koha::Exceptions::Config::MissingEntry' ) {
            $template->param(
                elasticsearch_fatal_config_error => $error->message );
            $es_config_error = 1;
        }
    };

    unless ($es_config_error) {

        # TODO: When new indexes get added, we could have other ways to
        # fetch the list of available indexes (e.g. plugins, etc)
        my @indexes = map { $es_conf->{index_name} . "_" . $_ } (
            $Koha::SearchEngine::BIBLIOS_INDEX,
            $Koha::SearchEngine::AUTHORITIES_INDEX,
        );

        # NOTE(review): the configured node list is handed to the template.
        $es_status->{nodes} = $es_conf->{nodes};
        my $es = Search::Elasticsearch->new( { nodes => $es_conf->{nodes} } );

        for my $index (@indexes) {

            # Document count of the index; -1 when the index is missing,
            # undefined when no node answered.
            my $count;
            try {
                my $stats = $es->indices->stats( index => $index );
                $count = $stats->{_all}{primaries}{docs}{count};
            }
            catch {
                my $error       = $_;
                my $error_class = ref($error);
                if ( $error_class eq 'Search::Elasticsearch::Error::Missing' ) {
                    push @{ $es_status->{errors} }, "Index not found ($index)";
                    $count = -1;
                }
                elsif ( $error_class eq 'Search::Elasticsearch::Error::NoNodes' ) {
                    $es_running = 0;
                }
                else {
                    # TODO: when time comes, we will cover more use cases
                    die $error;
                }
            };

            push @{ $es_status->{indexes} },
                { index_name => $index, count => $count };
        }

        $es_status->{running} = $es_running;
        $template->param( elasticsearch_status => $es_status );
    }
}
# Least-privilege check for the automatic self-checkout account: it should
# hold self_check => self_checkout_module and nothing else. Both findings
# are passed to the template.
if (   C4::Context->preference('WebBasedSelfCheck')
    && C4::Context->preference('AutoSelfCheckAllowed') )
{
    my $userid          = C4::Context->preference('AutoSelfCheckID');
    my $all_permissions = C4::Auth::get_user_subpermissions($userid);

    my ( $has_self_checkout_perm, $has_other_permissions );
    for my $module ( keys %$all_permissions ) {

        # Any module other than self_check is already too much.
        if ( $module ne 'self_check' ) {
            $has_other_permissions = 1;
            next;
        }

        # NOTE(review): assumes the value stored under self_check is a hash
        # reference - confirm against get_user_subpermissions().
        my $permissions = $all_permissions->{$module};
        for my $permission ( keys %$permissions ) {
            if ( $permission eq 'self_checkout_module' ) {
                $has_self_checkout_perm = 1;
            }
            else {
                $has_other_permissions = 1;
            }
        }
    }

    $template->param(
        AutoSelfCheckPatronDoesNotHaveSelfCheckPerm => !$has_self_checkout_perm,
        AutoSelfCheckPatronHasTooManyPerm           => $has_other_permissions,
    );
}
# Data consistency check: each query lists the ids that are present both in
# a live table and in its archive table (deletedborrowers, deletedbiblio,
# deleteditems, old_issues, old_reserves). The statements are fixed strings.
my $dbh = C4::Context->dbh;

# Runs one statement and returns an arrayref of row hashrefs.
my $select_rows = sub {
    my ($sql) = @_;
    return $dbh->selectall_arrayref( $sql, { Slice => {} } );
};

my $patrons = $select_rows->(
    q|select b.borrowernumber from borrowers b join deletedborrowers db on b.borrowernumber=db.borrowernumber|
);
my $biblios = $select_rows->(
    q|select b.biblionumber from biblio b join deletedbiblio db on b.biblionumber=db.biblionumber|
);
my $items = $select_rows->(
    q|select i.itemnumber from items i join deleteditems di on i.itemnumber=di.itemnumber|
);
my $checkouts = $select_rows->(
    q|select i.issue_id from issues i join old_issues oi on i.issue_id=oi.issue_id|
);
my $holds = $select_rows->(
    q|select r.reserve_id from reserves r join old_reserves o on r.reserve_id=o.reserve_id|
);

# Report only when at least one of the lists is non-empty.
my $found_duplicates =
    @$patrons || @$biblios || @$items || @$checkouts || @$holds;
if ($found_duplicates) {
    $template->param(
        has_ai_issues => 1,
        ai_patrons    => $patrons,
        ai_biblios    => $biblios,
        ai_items      => $items,
        ai_checkouts  => $checkouts,
        ai_holds      => $holds,
    );
}
# Hand version information and the warning flags computed above to the
# template.
# NOTE(review): this is the bulk of the server detail the page reveals -
# component versions, the interpreter path and every @INC directory.
my %versions = C4::Context::get_versions();

# One { perlinc => DIR } row per @INC entry.
my @perl_inc_rows = map { +{ perlinc => $_ } } @INC;

# Entries copied unchanged from get_versions().
my %version_params = map { $_ => $versions{$_} }
    qw(kohaVersion osVersion perlVersion mysqlVersion apacheVersion);

# Template caching counts as off when template_cache_dir has no true value.
my $template_caching_is_off =
    C4::Context->config('template_cache_dir') ? 0 : 1;

$template->param(
    %version_params,
    perlPath                      => $perl_path,
    perlIncPath                   => \@perl_inc_rows,
    zebraVersion                  => $zebraVersion,
    prefBiblioAddsAuthorities     => $prefBiblioAddsAuthorities,
    prefAutoCreateAuthorities     => $prefAutoCreateAuthorities,
    warnPrefBiblioAddsAuthorities => $warnPrefBiblioAddsAuthorities,
    warnPrefEasyAnalyticalRecords => $warnPrefEasyAnalyticalRecords,
    warnPrefAnonymousPatron       => $warnPrefAnonymousPatron,
    warnPrefAnonymousPatron_PatronDoesNotExist =>
        $warnPrefAnonymousPatron_PatronDoesNotExist,
    errZebraConnection        => $errZebraConnection,
    warnIsRootUser            => $warnIsRootUser,
    warnNoActiveCurrency      => $warnNoActiveCurrency,
    warnNoTemplateCaching     => $template_caching_is_off,
    xml_config_warnings       => \@xml_config_warnings,
    warnStatisticsFieldsError => $warnStatisticsFieldsError,
);
# Build the Perl module table: one entry per module reported by
# C4::Installer::PerlModules, sorted by name and laid out four per row.
my @components = ();

my $perl_modules = C4::Installer::PerlModules->new;
$perl_modules->versions_info;

my @pm_types = qw(missing_pm upgrade_pm current_pm);

for my $pm_type (@pm_types) {
    my $modules = $perl_modules->get_attr($pm_type);
    for my $entry (@$modules) {

        # Only the first key/value pair of the entry is read.
        # NOTE(review): presumably each entry is { module name => stats }
        # with a single key - verify against C4::Installer::PerlModules.
        my ( $module, $stats ) = each %$entry;

        my %component = (
            name       => $module,
            version    => $stats->{'cur_ver'},
            missing    => ( $pm_type eq 'missing_pm' ? 1 : 0 ),
            upgrade    => ( $pm_type eq 'upgrade_pm' ? 1 : 0 ),
            current    => ( $pm_type eq 'current_pm' ? 1 : 0 ),
            require    => $stats->{'required'},
            reqversion => $stats->{'min_ver'},
        );
        push @components, \%component;
    }
}

@components = sort { $a->{'name'} cmp $b->{'name'} } @components;

# Cut the sorted list into rows of four cells.
my $table   = [];
my @pending = @components;
while ( my @cells = splice @pending, 0, 4 ) {

    # A short last row is extended to the table size: its fourth cell
    # becomes an empty string.
    $cells[3] = '' if @cells < 4;
    push @$table, { row => [@cells] };
}

$template->param( table => $table );
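## ------------------------------------------
## Koha time line code

# Read <docdir>/history.txt and pass one { date, desc } entry per line to
# the template as table2; timeline_read_error is set when the file cannot
# be opened.
#
# Changes against the previous version: the match variables $` and $' are
# replaced by the /p flag with ${^PREMATCH}/${^POSTMATCH}, $date is tested
# with defined() before it is matched (a line without a tab no longer
# triggers an "uninitialized" warning), and unused variables are gone.

# get file location
# if no <docdir> is defined in koha-conf.xml, use the default location
# this is a work-around to stop breakage on upgraded Kohas, bug 8911
my $docdir = C4::Context->config('docdir')
    // C4::Context->config('intranetdir') . '/docs';

if ( open( my $file, "<:encoding(UTF-8)", "$docdir/history.txt" ) ) {
    my @lines = <$file>;
    close($file);

    shift @lines;    # remove header row

    my @table2;
    for my $line (@lines) {

        # Tab-separated; only the second and third field are used.
        my ( undef, $date, $desc ) = split /\t/, $line;

        # No description field: cut the date field at the first run of
        # whitespace that follows four digits.
        if ( !$desc && defined $date && $date =~ /(?<=\d{4})\s+/p ) {
            ( $date, $desc ) = ( ${^PREMATCH}, ${^POSTMATCH} );
        }

        # NOTE(review): both values are file content passed on unchanged;
        # HTML escaping is presumably left to the template - confirm.
        push @table2, { row2 => [ { date => $date, desc => $desc } ] };
    }

    $template->param( table2 => \@table2 );
}
else {
    $template->param( timeline_read_error => 1 );
}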
# Render the filled template and send it with the HTTP headers and the
# session cookie obtained from get_template_and_user.
output_html_with_http_headers( $query, $cookie, $template->output );