[Koha-cvs] koha pay.pl [R

koha-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Koha-cvs] koha pay.pl [R_2-2-7-1]

From:	paul poulain
Subject:	[Koha-cvs] koha pay.pl [R_2-2-7-1]
Date:	Tue, 06 Mar 2007 15:17:18 +0000

CVSROOT:        /sources/koha
Module name:    koha
Branch:         R_2-2-7-1
Changes by:     paul poulain <tipaul>   07/03/06 15:17:18

Modified files:
        .              : pay.pl 

Log message:
        security hole fix : checking perms before paying !

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/koha/pay.pl?cvsroot=koha&only_with_tag=R_2-2-7-1&r1=1.9.2.5&r2=1.9.2.5.6.1

Patches:
Index: pay.pl
===================================================================
RCS file: /sources/koha/koha/Attic/pay.pl,v
retrieving revision 1.9.2.5
retrieving revision 1.9.2.5.6.1
diff -u -b -r1.9.2.5 -r1.9.2.5.6.1
--- pay.pl      5 Feb 2006 21:59:20 -0000       1.9.2.5
+++ pay.pl      6 Mar 2007 15:17:18 -0000       1.9.2.5.6.1
@@ -2,7 +2,7 @@
 # WARNING: Not enough context to figure out the correct tabstop size
 # WARNING: Assume that this file uses 4-character tabs
 
-# $Id: pay.pl,v 1.9.2.5 2006/02/05 21:59:20 kados Exp $
+# $Id: pay.pl,v 1.9.2.5.6.1 2007/03/06 15:17:18 tipaul Exp $
 
 #written 11/1/2000 by address@hidden
 #part of the koha library system, script to facilitate paying off fines
@@ -37,6 +37,15 @@
 
 my $input=new CGI;
 
+my($template, $loggedinuser, $cookie)
+    = get_template_and_user ({ template_name => "members/pay.tmpl",
+                    query => $input,
+                    type => "intranet",
+                    authnotrequired => 0,
+                    flagsrequired => {borrowers => 1},
+                    debug => 1,
+                    });
+
 #print $input->header;
 my $bornum=$input->param('bornum');
 if ($bornum eq ''){
@@ -80,14 +89,6 @@
 $env{'branchcode'}=$user;
 my $total=$input->param('total');
 if ($check ==0){
-       my($template, $loggedinuser, $cookie)
-               = get_template_and_user ({ template_name => "members/pay.tmpl",
-                                          query => $input,
-                                          type => "intranet",
-                                          authnotrequired => 0,
-                                          flagsrequired => {borrowers => 1},
-                                          debug => 1,
-                                        });
        if ($total ne ''){
                recordpayment(\%env,$bornum,$total);
        }

[Prev in Thread]

Current Thread

[Next in Thread]

[Koha-cvs] koha pay.pl [R_2-2-7-1], paul poulain <=

Prev by Date: [Koha-cvs] koha/updater updatedatabase [R_2-2-7-1]
Next by Date: [Koha-cvs] koha/z3950 search.pl [R_2-2-7-1]
Previous by thread: [Koha-cvs] koha/updater updatedatabase [R_2-2-7-1]
Next by thread: [Koha-cvs] koha/z3950 search.pl [R_2-2-7-1]
Index(es):
- Date
- Thread