cloudLibrary with alternate cards bug fixes #2029

Merged
merged 5 commits into from
Aug 29, 2024
Merged
53 changes: 53 additions & 0 deletions code/web/bootstrap.php
Expand Up @@ -81,6 +81,11 @@
if (strlen($userAgentString) > 512) {
$userAgentString = substr($userAgentString, 0, 512);
}
if (isSpammyUserAgent($userAgentString)) {
http_response_code(404);
echo("<html><head><title>Page Not Found</title></head><body><h1>404</h1> <p>We're sorry, but the page you are looking for can't be found.</p></body></html>");
die();
}
$userAgent->userAgent = $userAgentString;
if ($userAgent->find(true)) {
$userAgentId = $userAgent->id;
Expand Down Expand Up @@ -431,4 +436,52 @@ function getGitBranch() {
}

return $branchName;
}

//Look for spammy user agents and kill them
function isSpammyUserAgent($userAgentString): bool {
if (stripos($userAgentString, 'DBMS_PIPE.RECEIVE_MESSAGE') !== false) {
return true;
} elseif (stripos($userAgentString, 'PG_SLEEP') !== false) {
return true;
} elseif (stripos($userAgentString, 'SELECT') !== false) {
return true;
} elseif (stripos($userAgentString, 'SLEEP') !== false) {
return true;
} elseif (stripos($userAgentString, 'ORDER BY') !== false) {
return true;
} elseif (stripos($userAgentString, 'WAITFOR') !== false) {
return true;
} elseif (stripos($userAgentString, 'nvOpzp') !== false) {
return true;
} elseif (stripos($userAgentString, 'window.location') !== false) {
return true;
} elseif (stripos($userAgentString, 'window.top') !== false) {
return true;
} elseif (stripos($userAgentString, 'nslookup') !== false) {
return true;
} elseif (stripos($userAgentString, 'if(') !== false) {
return true;
} elseif (stripos($userAgentString, 'now(') !== false) {
return true;
} elseif (stripos($userAgentString, 'sysdate()') !== false) {
return true;
} elseif (stripos($userAgentString, 'sleep(') !== false) {
return true;
} elseif (stripos($userAgentString, 'cast(') !== false) {
return true;
} elseif (stripos($userAgentString, 'current_database') !== false) {
return true;
} elseif (stripos($userAgentString, 'response.write') !== false) {
return true;
} elseif (stripos($userAgentString, 'CONVERT(') !== false) {
return true;
} elseif (stripos($userAgentString, 'EXTRACTVALUE(') !== false) {
return true;
}
$termWithoutTags = strip_tags($userAgentString);
if ($termWithoutTags != $userAgentString) {
return true;
}
return false;
}
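Review bot: `isSpammyUserAgent` is a nineteen-branch `elseif` chain in which every branch performs the same `stripos(...) !== false` test, and some needles are already implied by others (`'SLEEP'` covers both `'PG_SLEEP'` and `'sleep('`); iterating over a constant list preserves the behaviour exactly and makes the list itself reviewable. The parameter is untyped although the caller has just passed the same value through `strlen`/`substr`, so `string $userAgentString` would document the contract. Short needles such as `'SELECT'`, `'SLEEP'`, `'now('` and `'if('` match anywhere in the string, case-insensitively, so a legitimate product or library name containing them receives the same 404, and because the check runs before `$userAgent->find(true)` the blocked value is apparently never recorded; logging or counting the blocked agent before `die()` would make the list tunable. The rewrite below keeps the `strip_tags` comparison as the final test, using `!==` since both operands are strings.
```php
//Look for spammy user agents and kill them
function isSpammyUserAgent(string $userAgentString): bool {
	// Each fragment is matched case-insensitively anywhere in the string, so keep entries specific.
	static $spammyFragments = [
		'DBMS_PIPE.RECEIVE_MESSAGE',
		'PG_SLEEP',
		'SELECT',
		// … unchanged: the remaining fragments from the original chain, one per line …
		'EXTRACTVALUE(',
	];
	foreach ($spammyFragments as $fragment) {
		if (stripos($userAgentString, $fragment) !== false) {
			return true;
		}
	}
	// Anything that contains markup is treated as spam as well.
	return strip_tags($userAgentString) !== $userAgentString;
}
```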
Expand Up @@ -9,28 +9,28 @@
<div class="col-xs-12">{$alternateLibraryCardFormMessage}</div>
</div>
{/if}
<div class="form-group row">
<label for="alternateLibraryCard" class="control-label col-xs-12 col-sm-4">
<div class="form-group propertyRow">
<label for="alternateLibraryCard" class="control-label">
{if !empty($alternateLibraryCardLabel)}
{translate text=$alternateLibraryCardLabel isPublicFacing=true isAdminEnteredData=true}
{else}
{translate text="Alternate Library Card" isPublicFacing=true isAdminEnteredData=false}
{/if}
</label>
<div class="col-md-6">
<div>
<input type="text" name="alternateLibraryCard" id="alternateLibraryCard" value="{$user->alternateLibraryCard}" maxlength="60" class="form-control" >
</div>
</div>
{if !empty($showAlternateLibraryCardPassword)}
<div class="form-group row">
<label for="alternateLibraryCardPassword" class="control-label col-xs-12 col-sm-4">
<div class="form-group propertyRow">
<label for="alternateLibraryCardPassword" class="control-label">
{if !empty($alternateLibraryCardPasswordLabel)}
{translate text=$alternateLibraryCardPasswordLabel isPublicFacing=true isAdminEnteredData=true}
{else}
{translate text="Password/PIN" isPublicFacing=true isAdminEnteredData=false}
{/if}
</label>
<div class="col-md-6">
<div>
<input type="password" name="alternateLibraryCardPassword" id="alternateLibraryCardPassword" value="{$user->alternateLibraryCardPassword}" maxlength="60" class="form-control">
</div>
</div>
16 changes: 8 additions & 8 deletions code/web/interface/themes/responsive/MyAccount/libraryCard.tpl
Expand Up @@ -47,7 +47,7 @@
<h1>{translate text=$alternateLibraryCardLabel isPublicFacing=true isAdminEnteredData=true}</h1>
{if !empty($alternateLibraryCardFormMessage)}
<div class="row">
<div class="col-xs-12">{$alternateLibraryCardFormMessage}<div>
<div class="col-xs-12">{$alternateLibraryCardFormMessage}</div>
</div>
{/if}
{if $alternateLibraryCardStyle != 'none'}
Expand All @@ -58,29 +58,29 @@
</div>
</div>
{/if}
<form name="alternateLibraryCard" method="post" class="form-horizontal">
<div class="form-group">
<label for="alternateLibraryCard" class="control-label col-xs-12 col-sm-4">
<form name="alternateLibraryCard" method="post" class="form col-xs-12">
<div class="form-group propertyRow">
<label for="alternateLibraryCard" class="control-label propertyRow">
{if !empty($alternateLibraryCardLabel)}
{translate text=$alternateLibraryCardLabel isPublicFacing=true isAdminEnteredData=true}
{else}
{translate text="Alternate Library Card" isPublicFacing=true isAdminEnteredData=false}
{/if}
</label>
<div class="col-md-6 col-md-offset-3">
<div>
<input type="text" name="alternateLibraryCard" id="alternateLibraryCard" value="{$profile->alternateLibraryCard}" maxlength="60" class="form-control" onchange="updateAlternateLibraryCardBarcode()">
</div>
</div>
{if !empty($showAlternateLibraryCardPassword)}
<div class="form-group">
<label for="alternateLibraryCardPassword" class="control-label col-xs-12 col-sm-4">
<div class="form-group propertyRow">
<label for="alternateLibraryCardPassword" class="control-label">
{if !empty($alternateLibraryCardPasswordLabel)}
{translate text=$alternateLibraryCardPasswordLabel isPublicFacing=true isAdminEnteredData=true}
{else}
{translate text="Password/PIN" isPublicFacing=true isAdminEnteredData=false}
{/if}
</label>
<div class="col-md-6 col-md-offset-3">
<div>
<input type="password" name="alternateLibraryCardPassword" id="alternateLibraryCardPassword" value="{$profile->alternateLibraryCardPassword}" maxlength="60" class="form-control">
</div>
</div>
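Review bot: The alternate-card label on the new side, `<label for="alternateLibraryCard" class="control-label propertyRow">`, carries `propertyRow`, which is the class of the wrapping `div`, while the password label a few lines below gets only `control-label`; this looks like a stray copy and the two labels should match, `<label for="alternateLibraryCard" class="control-label">`. The form element continues past the end of the hunk. Separately, and pre-existing rather than introduced here, the password input in the context lines renders the stored `alternateLibraryCardPassword` back into the page as the field's `value`, so the credential is present in the served HTML; if the field only needs to accept a new PIN, rendering it empty and treating a blank submission as "unchanged" would avoid echoing it.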
4 changes: 2 additions & 2 deletions code/web/interface/themes/responsive/js/aspen.js
Expand Up @@ -169,7 +169,7 @@ AspenDiscovery.CloudLibrary = (function () {
var patronId = $("#patronId option:selected").val();
var useAlternateCard = $("#useAlternateLibraryCard").val();
var validCard = $("#patronId option:selected").attr("data-valid-card");
if (useAlternateCard === 0 || validCard === "1") {
if (useAlternateCard == 0 || validCard === "1") {
return AspenDiscovery.CloudLibrary.doCheckOut(patronId, id);
} else {
var url = Globals.path + "/CloudLibrary/" + id + "/AJAX?method=prepareAlternateLibraryCardPrompts&type=checkOutTitle&patronId=" + patronId;
Expand Down Expand Up @@ -198,7 +198,7 @@ AspenDiscovery.CloudLibrary = (function () {
var patronId = $("#patronId option:selected").val();
var useAlternateCard = $("#useAlternateLibraryCard").val();
var validCard = $("#patronId option:selected").attr("data-valid-card");
if (useAlternateCard === 0 || validCard === "1") {
if (useAlternateCard == 0 || validCard === "1") {
return AspenDiscovery.CloudLibrary.doHold(patronId, id);
} else {
var url = Globals.path + "/CloudLibrary/" + id + "/AJAX?method=prepareAlternateLibraryCardPrompts&type=placeHold&patronId=" + patronId;
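Review bot: The loosened comparison `useAlternateCard == 0` (the same line is changed in the placeHold hunk below) relies on JavaScript coercion: `.val()` returns a string, so `"0" == 0` and `"" == 0` are both true, while `undefined == 0`, the case where no `#useAlternateLibraryCard` element is on the page, is false and falls through to the prompt request. If the intent is "the setting is off", comparing against the string the server renders is explicit and avoids `==` entirely: `if (useAlternateCard === "0" || validCard === "1") {` — this assumes the hidden field is always rendered with `0`/`1`, which the hunk does not show. Both enclosing functions start and end outside their hunks.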
7 changes: 7 additions & 0 deletions code/web/release_notes/24.09.00.MD
Expand Up @@ -87,6 +87,13 @@
### System Updates
- Add pagination to Usage by User Agent Report. (*KP*)

### cloudLibrary Updates
- Bugfix for alternate card prompt appearing when it should not. (*KP*)
- Linked accounts use the settings for the scope that matches the linked account's home library during checkout/hold placement. (*KP*)

### Other Updates
- Automatically block requests when the User Agent contains spammy content. (*KP*)

// kirstien
### API Updates
- Added useAlternateLibraryCardForCloudLibrary in Location and Library APIs to get the useAlternateLibraryCard setting for the assigned cloudLibrary scope. (*KK*)
18 changes: 8 additions & 10 deletions code/web/services/CloudLibrary/AJAX.php
Expand Up @@ -97,11 +97,10 @@ function getHoldPrompts() {
$promptTitle = 'cloudLibrary Hold Options';
$interface->assign('useAlternateLibraryCard', $settings->useAlternateLibraryCard);
$validCards = [];
if ($settings->useAlternateLibraryCard) {
foreach ($usersWithCloudLibraryAccess as $userWithAccess) {
if (!empty($userWithAccess->alternateLibraryCard) && $driver->checkAuthentication($userWithAccess)) {
$validCards[] = $userWithAccess;
}
foreach ($usersWithCloudLibraryAccess as $userWithAccess) {
$userAltCardOptions = $userWithAccess->getHomeLibrary()->getAlternateLibraryCardOptions();
if ($userAltCardOptions['useAlternateLibraryCardForCloudLibrary'] && !empty($userWithAccess->alternateLibraryCard) && $driver->checkAuthentication($userWithAccess)) {
$validCards[] = $userWithAccess;
}
}
$interface->assign('validCards', $validCards);
Expand Down Expand Up @@ -172,11 +171,10 @@ function getCheckOutPrompts() {
$promptTitle = 'cloudLibrary Checkout Options';
$interface->assign('useAlternateLibraryCard', $settings->useAlternateLibraryCard);
$validCards = [];
if ($settings->useAlternateLibraryCard) {
foreach ($usersWithCloudLibraryAccess as $userWithAccess) {
if (!empty($userWithAccess->alternateLibraryCard) && $driver->checkAuthentication($userWithAccess)) {
$validCards[] = $userWithAccess;
}
foreach ($usersWithCloudLibraryAccess as $userWithAccess) {
$userAltCardOptions = $userWithAccess->getHomeLibrary()->getAlternateLibraryCardOptions();
if ($userAltCardOptions['useAlternateLibraryCardForCloudLibrary'] && !empty($userWithAccess->alternateLibraryCard) && $driver->checkAuthentication($userWithAccess)) {
$validCards[] = $userWithAccess;
}
}
$interface->assign('validCards', $validCards);
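Review bot: The new lookup `$userWithAccess->getHomeLibrary()->getAlternateLibraryCardOptions()` (repeated in the getCheckOutPrompts hunk below) has no guard: if `getHomeLibrary()` can return null for a linked account, this is a fatal error while building the prompt, and the bare `$userAltCardOptions['useAlternateLibraryCardForCloudLibrary']` warns if the key is absent; whether either can happen is not visible in the hunk. On PHP 8 a nullsafe chain and `!empty` keep the positive case unchanged while tolerating both: `$userAltCardOptions = $userWithAccess->getHomeLibrary()?->getAlternateLibraryCardOptions() ?? [];` and `if (!empty($userAltCardOptions['useAlternateLibraryCardForCloudLibrary']) && !empty($userWithAccess->alternateLibraryCard) && $driver->checkAuthentication($userWithAccess)) {`. Note also that `$interface->assign('useAlternateLibraryCard', $settings->useAlternateLibraryCard)` just above still exposes the scope-level flag while the valid-card list is now decided per home library, so the template and the list may disagree for a linked account whose home library setting differs from the active scope. The loop is duplicated verbatim in both methods; a small private helper taking `$usersWithCloudLibraryAccess` and `$driver` would keep them in step. Both enclosing methods start and end outside their hunks.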