From 42024a93c8d5074bf287cdf000f2752baefc62b2 Mon Sep 17 00:00:00 2001 From: Fridolin Somers Date: Tue, 23 Jun 2015 16:45:21 +0200 Subject: [PATCH] Bug 14440: get_template_and_user can not have an empty template_name (updatesupplier.pl) Since Bug 14408, the method get_template_and_user can not have an empty template_name. Pages calling with an empty value should use C4::Auth::checkauth() This patch corrects acqui/updatesupplier.pl Test plan : - Apply patch - Connect to intranet with a user having "vendors_manage" permission - Go to acquisition module - Create a new vendor - Click on "Edit vendor" - Change some information and save => Your change is saved - Connect to intranet with a user not having "vendors_manage" permission - Try to access /cgi-bin/koha/acqui/updatesupplier.pl => Access is denied - Disconnect from intranet - Try to access /cgi-bin/koha/acqui/updatesupplier.pl => Access is denied Signed-off-by: Indranil Das Gupta (L2C2 Technologies) Signed-off-by: Tomas Cohen Arazi Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 015c26a5e36dae5070eab57f400237715d93ae44) Signed-off-by: Chris Cormack --- acqui/updatesupplier.pl | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/acqui/updatesupplier.pl b/acqui/updatesupplier.pl index 65093d8ba2..c064f766fc 100755 --- a/acqui/updatesupplier.pl +++ b/acqui/updatesupplier.pl @@ -59,15 +59,8 @@ use C4::Output; use CGI qw ( -utf8 ); my $input=new CGI; -my ($template, $loggedinuser, $cookie) = get_template_and_user( - { template_name => "", - query => $input, - type => "intranet", - authnotrequired => 0, - flagsrequired => { acquisition => 'vendors_manage' }, - debug => 1, - } -); + +checkauth( $input, 0, { acquisition => 'vendors_manage' }, 'intranet' ); #print $input->header(); my $booksellerid=$input->param('booksellerid'); -- 2.39.5