From 5514a673e8810f6ebfc8d7312994a02cbf74a54d Mon Sep 17 00:00:00 2001
From: Tomas Cohen Arazi
Date: Tue, 16 Jul 2024 12:43:39 -0300
Subject: [PATCH] Bug 37370: Return 400 if OpacExportOptions does not contain the passed format

Signed-off-by: Tomas Cohen Arazi
Signed-off-by: David Cook
Signed-off-by: Nick Clemens
Signed-off-by: Tomas Cohen Arazi
---
 opac/opac-export.pl | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/opac/opac-export.pl b/opac/opac-export.pl
index 1b0fdad59a..d0e5bf1203 100755
--- a/opac/opac-export.pl
+++ b/opac/opac-export.pl
@@ -33,6 +33,8 @@ use C4::Ris qw( marc2ris );
 use Koha::Biblios;
 use Koha::RecordProcessor;
 
+use List::MoreUtils qw(none);
+
 my $query = CGI->new;
 my $op=$query->param("op")||''; #op=export is currently the only use
 my $format=$query->param("format")||'utf8';
@@ -40,6 +42,14 @@ my $biblionumber = $query->param("bib")||0;
 $biblionumber = int($biblionumber);
 my $error = q{};
 
+my @valid_formats = split( ',', C4::Context->preference('OpacExportOptions') // '' );
+if ( !scalar @valid_formats || none { $format eq $_ } @valid_formats ) {
+ # bad request: either the feature is disabled, or requested a format the
+ # library hasn't made available
+ print $query->redirect("/cgi-bin/koha/errors/400.pl");
+ exit;
+}
+
 # Determine logged in user's patron category.
 # Blank if not logged in.
 my $userenv = C4::Context->userenv;
-- 
2.39.5
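Review bot: In the second hunk the allow-list is built with a bare `split( ',', ... )` and matched with `eq`, so any entry of `OpacExportOptions` stored with surrounding whitespace would never match and every export request for that format would be sent to the 400 page. The check fails closed, which is the right direction for a gate on a request parameter, but the list is worth normalising, for example `my @valid_formats = grep { length } split( /\s*,\s*/, C4::Context->preference('OpacExportOptions') // '' );`, or the comment should state that the preference is assumed to hold exact comma-separated format codes. The comment could also record that a request without `format` falls back to `'utf8'` (the default visible in the first hunk's context) and is rejected when `utf8` is not enabled. How `$format` is used after this gate lies outside the hunk, so whether later code relies on this check as its only validation cannot be confirmed from here.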