[Koha-patches] [PATCH 1/2] bug 4816: require authentication for placerequest.pl
Galen Charlton
gmcharlt at gmail.com
Wed May 26 05:27:20 CEST 2010
Otherwise, it was possible to construct a URL to place
hold requests without authorization.
Signed-off-by: Galen Charlton <gmcharlt at gmail.com>
---
reserve/placerequest.pl | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/reserve/placerequest.pl b/reserve/placerequest.pl
index 36f8ecd..bc3fc74 100755
--- a/reserve/placerequest.pl
+++ b/reserve/placerequest.pl
@@ -23,17 +23,19 @@
use strict;
use warnings;
+
+use CGI;
use C4::Biblio;
use C4::Items;
-use CGI;
use C4::Output;
use C4::Reserves;
use C4::Circulation;
use C4::Members;
+use C4::Auth qw/checkauth/;
-my $input = new CGI;
-#print $input->header;
+my $input = CGI->new();
+my ($user, $cookie, $sesion_id, $flags) = checkauth($input, 0, { reserveforothers => 'place_holds' }, 'intranet');
my @bibitems=$input->param('biblioitem');
# FIXME I think reqbib does not exist anymore, it's used in line 82, to AddReserve of contraint type 'o'
--
1.7.0
More information about the Koha-patches
mailing list