[Koha-patches] [PATCH 12/12] Bug 6641 -- Specially crafted URL can allow unauthorized download of MARC files from staff client
Liz Rea
lrea at nekls.org
Thu Jul 28 23:16:44 CEST 2011
Making sure permissions are checked on download of MARC files from staff client
---
catalogue/export.pl | 12 +++++++++++-
1 files changed, 11 insertions(+), 1 deletions(-)
diff --git a/catalogue/export.pl b/catalogue/export.pl
index 9bd49de..3efdb21 100755
--- a/catalogue/export.pl
+++ b/catalogue/export.pl
@@ -8,9 +8,19 @@ use C4::Auth;
use C4::Output;
use C4::Biblio;
use CGI;
-use C4::Auth;
+
+
my $query = new CGI;
+my ( $template, $loggedinuser, $cookie ) = get_template_and_user({
+ template_name => "tools/export.tt",
+ query => $query,
+ type => "intranet",
+ authnotrequired => 0,
+ flagsrequired => { tools => 'export_catalog' },
+ debug => 1,
+ });
+
my $op=$query->param("op");
my $format=$query->param("format");
if ($op eq "export") {
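Review bot: The added `get_template_and_user` call is there only for its authorization side effect, yet it hard-codes `debug => 1` and names `tools/export.tt`, a template this download script does not appear to render. Drop the debug flag and put a comment above the call such as `# Called for the permission check only; the template is never output.`. The required flag `tools => 'export_catalog'` reads as the tools-module export permission, so staff who can view records under catalogue/ but lack that flag would presumably lose the per-record download; confirm that this scope is intended. The body of the `if ($op eq "export")` branch lies outside the hunk, so how `$format` is validated there cannot be checked from here.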
--
1.7.2.5