[Koha-bugs] [Bug 4188] Basketgroup print fails to generate a file

Tue May 4 18:05:25 CEST 2010

http://bugs.koha.org/cgi-bin/bugzilla3/show_bug.cgi?id=4188

--- Comment #7 from Galen Charlton <gmcharlt at gmail.com>  2010-05-04 16:05:25 ---
(In reply to comment #6)
> You have to upload the PDF in the OrderPdfTemplate syspref. This syspref is of
> the type 'upload', it can contain the whole pdf file, base64 encoded in a BLOB.
> 
> This way, users can customize their PDF (as long as they respect the differents
> layouts proposed by Koha)
> 
> Maybe patches are incomplete, or some of them have been lost in the trip?
> 
> I know that this sort of syspref is a bad idea, but I had no other : Paul asked
> to to NEVER let users upload real files on the server. I never understood why.
> In the PHP world we do it all the time (see Drupal) for exemple. Maybe because
> the security issues aren't the same when running as CGI or as apache module?
> 
> ...but I think we should not loose this feature wich might be usefull for some
> people. It just need to be documented. What do you think?
> 

Thanks for the explanation.  Unfortunately, the ability to upload PDF
templates, while something I am OK with in principle, has a severe limitation:
layout2pages.pm and layout3pages.pm currently hardcode absolute positions on
the template to place text from the order.  That means that only very trivial
changes to the templates could be made without forcing the user to edit the
Perl files.  If you make them do that, which would be a server-based operation,
they can just as well upload new PDF templates.

For 3.2, I will push a version of Frédéric's patch and hide the
OrderPdfTemplate syspref.  It can be revived in 3.4, hopefully with a better
templating engine such as PDF::Reuse underneath so that we can also get rid of
the hard-coded position in layout[23]pages.pm.

-- 
Configure bugmail: http://bugs.koha.org/cgi-bin/bugzilla3/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.