Koha-community/Koha
15
7
Fork 0
Code Issues Releases Wiki Activity

Bug 29931: Check cookie status before continuing

Browse source 
Test plan:
Logout from staff.
Try to run plugins-enable (you should have some active plugin).
Like: https://yourserver:staffport/cgi-bin/koha/plugins/plugins-enable.pl?class=Koha::Plugin::Test&method=enable
Replace class and method as appropriate.
Verify that with this patch, you will be redirected to 401 page.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This commit is contained in:
Marcel de Rooy 2022-01-24 10:24:08 +00:00 committed by Kyle Hall
parent e309da639f
commit 244e798a51
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
plugins/plugins-enable.pl
View file

@ -27,8 +27,11 @@ die("Koha plugins are disabled!") unless C4::Context->config("enable_plugins");
my $input = CGI->new;
my ( $auth_status ) =
check_cookie_auth( $input->cookie('CGISESSID'), { plugins => 'manage' } );
my ( $auth_status ) = check_cookie_auth( $input->cookie('CGISESSID'), { plugins => 'manage' } );
if( $auth_status ne 'ok' ) {
print CGI::header( '-status' => '401' );
exit 0;
}
my $class = $input->param('class');
my $method = $input->param('method');