[Koha-cvs] koha pay.pl [rel_2_2]

paul poulain paul at koha-fr.org
Mon Apr 30 12:18:50 CEST 2007


CVSROOT:	/cvsroot/koha
Module name:	koha
Branch:		rel_2_2
Changes by:	paul poulain <tipaul>	07/04/30 10:18:50

Modified files:
	.              : pay.pl 

Log message:
	moving template opening on the top, for permission checking (security fix)

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/koha/pay.pl?cvsroot=koha&only_with_tag=rel_2_2&r1=1.9.2.5&r2=1.9.2.6

Patches:
Index: pay.pl
===================================================================
RCS file: /cvsroot/koha/koha/Attic/pay.pl,v
retrieving revision 1.9.2.5
retrieving revision 1.9.2.6
diff -u -b -r1.9.2.5 -r1.9.2.6
--- pay.pl	5 Feb 2006 21:59:20 -0000	1.9.2.5
+++ pay.pl	30 Apr 2007 10:18:50 -0000	1.9.2.6
@@ -2,7 +2,7 @@
 # WARNING: Not enough context to figure out the correct tabstop size
 # WARNING: Assume that this file uses 4-character tabs
 
-# $Id: pay.pl,v 1.9.2.5 2006/02/05 21:59:20 kados Exp $
+# $Id: pay.pl,v 1.9.2.6 2007/04/30 10:18:50 tipaul Exp $
 
 #written 11/1/2000 by chris at katipo.oc.nz
 #part of the koha library system, script to facilitate paying off fines
@@ -37,6 +37,15 @@
 
 my $input=new CGI;
 
+my($template, $loggedinuser, $cookie)
+    = get_template_and_user ({ template_name => "members/pay.tmpl",
+                    query => $input,
+                    type => "intranet",
+                    authnotrequired => 0,
+                    flagsrequired => {borrowers => 1},
+                    debug => 1,
+                    });
+
 #print $input->header;
 my $bornum=$input->param('bornum');
 if ($bornum eq ''){
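Review bot: The relocated `get_template_and_user` call, now directly after `my $input=new CGI;`, carries no comment saying it must stay ahead of the `$input->param('bornum')` handling, so a later cleanup could move it back into a branch. Add a one-line comment stating that the permission check (`authnotrequired => 0`, `flagsrequired => {borrowers => 1}`) has to run before any request parameter is acted on. The `debug => 1` argument was carried over unchanged; confirm it is still wanted now that the call runs unconditionally at the top of the script.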
@@ -80,14 +89,6 @@
 $env{'branchcode'}=$user;
 my $total=$input->param('total');
 if ($check ==0){
-	my($template, $loggedinuser, $cookie)
-		= get_template_and_user ({ template_name => "members/pay.tmpl",
-					   query => $input,
-					   type => "intranet",
-					   authnotrequired => 0,
-					   flagsrequired => {borrowers => 1},
-					   debug => 1,
-					 });
 	if ($total ne ''){
 		recordpayment(\%env,$bornum,$total);
 	}
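Review bot: In the `if ($check ==0)` branch, `recordpayment(\%env,$bornum,$total)` now depends entirely on the permission check made near the top of the file, and the only local test on the request value is `$total ne ''`. Consider validating `$total` and `$bornum` against the expected numeric form before the payment is recorded. Since `$template`, `$loggedinuser` and `$cookie` are now declared at file scope, also check that no other branch still declares its own `my` copy that would shadow them.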




