[Koha-cvs] koha pay.pl [R_2-2-7-1]

paul poulain paul at koha-fr.org
Tue Mar 6 16:17:18 CET 2007


CVSROOT:	/sources/koha
Module name:	koha
Branch:		R_2-2-7-1
Changes by:	paul poulain <tipaul>	07/03/06 15:17:18

Modified files:
	.              : pay.pl 

Log message:
	security hole fix : checking perms before paying !

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/koha/pay.pl?cvsroot=koha&only_with_tag=R_2-2-7-1&r1=1.9.2.5&r2=1.9.2.5.6.1

Patches:
Index: pay.pl
===================================================================
RCS file: /sources/koha/koha/Attic/pay.pl,v
retrieving revision 1.9.2.5
retrieving revision 1.9.2.5.6.1
diff -u -b -r1.9.2.5 -r1.9.2.5.6.1
--- pay.pl	5 Feb 2006 21:59:20 -0000	1.9.2.5
+++ pay.pl	6 Mar 2007 15:17:18 -0000	1.9.2.5.6.1
@@ -2,7 +2,7 @@
 # WARNING: Not enough context to figure out the correct tabstop size
 # WARNING: Assume that this file uses 4-character tabs
 
-# $Id: pay.pl,v 1.9.2.5 2006/02/05 21:59:20 kados Exp $
+# $Id: pay.pl,v 1.9.2.5.6.1 2007/03/06 15:17:18 tipaul Exp $
 
 #written 11/1/2000 by chris at katipo.oc.nz
 #part of the koha library system, script to facilitate paying off fines
@@ -37,6 +37,15 @@
 
 my $input=new CGI;
 
+my($template, $loggedinuser, $cookie)
+    = get_template_and_user ({ template_name => "members/pay.tmpl",
+                    query => $input,
+                    type => "intranet",
+                    authnotrequired => 0,
+                    flagsrequired => {borrowers => 1},
+                    debug => 1,
+                    });
+
 #print $input->header;
 my $bornum=$input->param('bornum');
 if ($bornum eq ''){
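Review bot: The hoisted `get_template_and_user` call at the top of this hunk carries `debug => 1` along with it, and nothing marks the call as the access gate for the whole script. The fix only holds while this call runs before `$input->param('bornum')` and everything after it, so add a short comment above it saying it must stay ahead of all parameter handling and payment logic. Drop `debug => 1` unless it is needed on the release branch. It would also help if the log message named the code path that was reachable without the `borrowers` flag.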
@@ -80,14 +89,6 @@
 $env{'branchcode'}=$user;
 my $total=$input->param('total');
 if ($check ==0){
-	my($template, $loggedinuser, $cookie)
-		= get_template_and_user ({ template_name => "members/pay.tmpl",
-					   query => $input,
-					   type => "intranet",
-					   authnotrequired => 0,
-					   flagsrequired => {borrowers => 1},
-					   debug => 1,
-					 });
 	if ($total ne ''){
 		recordpayment(\%env,$bornum,$total);
 	}
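Review bot: In the `if ($check ==0)` branch, the only guard left in front of `recordpayment(\%env,$bornum,$total)` is `if ($total ne '')`, while `$total` comes straight from `$input->param('total')` two lines above. Suggest checking that `$total` is a positive number before recording the payment, so that an authorised session cannot submit a negative or non-numeric amount. Separately, the removed call was the only permission check visible in this hunk and it ran only when `$check` was 0. Please confirm in the description that every other branch of the script is now covered by the hoisted call and that none of them still declares its own `$template`, `$loggedinuser` or `$cookie`.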




