From 241a091f59757c170b159df4335e3bbf9eeb6c99 Mon Sep 17 00:00:00 2001 From: Galen Charlton Date: Wed, 30 Oct 2013 02:51:11 +0000 Subject: [PATCH] bug 7688: (follow-up) add authentication checking A couple web services introduced in the patch series lacked authentication checks. Signed-off-by: Galen Charlton --- serials/create-numberpattern.pl | 10 ++++++++-- serials/subscription-numberpattern.pl | 11 +++++++++-- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/serials/create-numberpattern.pl b/serials/create-numberpattern.pl index 8aa967e7f3..9bf2300524 100755 --- a/serials/create-numberpattern.pl +++ b/serials/create-numberpattern.pl @@ -1,14 +1,20 @@ #!/usr/bin/perl +use Modern::Perl; use CGI; use C4::Context; use C4::Serials::Numberpattern; +use C4::Auth qw/check_cookie_auth/; use URI::Escape; -use strict; -use warnings; my $input = new CGI; +my ($auth_status, $sessionID) = check_cookie_auth($input->cookie('CGISESSID'), { serials => '*' }); +if ($auth_status ne "ok") { + print $input->header(-type => 'text/plain', -status => '403 Forbidden'); + exit 0; +} + my $numberpattern; foreach (qw/ numberingmethod label1 label2 label3 add1 add2 add3 every1 every2 every3 setto1 setto2 setto3 whenmorethan1 whenmorethan2 diff --git a/serials/subscription-numberpattern.pl b/serials/subscription-numberpattern.pl index c54f2648a3..4cd280a370 100755 --- a/serials/subscription-numberpattern.pl +++ b/serials/subscription-numberpattern.pl @@ -1,12 +1,19 @@ #!/usr/bin/perl +use Modern::Perl; use CGI; use C4::Serials::Numberpattern; +use C4::Auth qw/check_cookie_auth/; use URI::Escape; -use strict; -use warnings; my $input=new CGI; + +my ($auth_status, $sessionID) = check_cookie_auth($input->cookie('CGISESSID'), { serials => '*' }); +if ($auth_status ne "ok") { + print $input->header(-type => 'text/plain', -status => '403 Forbidden'); + exit 0; +} + my $numpatternid=$input->param("numberpattern_id"); my $numberpatternrecord=GetSubscriptionNumberpattern($numpatternid); -- 2.20.1