From 63f641daa6e382eac55c90dff89673dce6d69928 Mon Sep 17 00:00:00 2001
From: Marcel de Rooy
Date: Mon, 24 Jan 2022 10:24:08 +0000
Subject: [PATCH] Bug 29931: Check cookie status before continuing
Test plan: Logout from staff. Try to run plugins-enable (you should have some active plugin). Like: https://yourserver:staffport/cgi-bin/koha/plugins/plugins-enable.pl?class=Koha::Plugin::Test&method=enable Replace class and method as appropriate. Verify that with this patch, you will be redirected to 401 page.
Signed-off-by: Marcel de Rooy
Signed-off-by: Jonathan Druart
Signed-off-by: Jonathan Druart
Signed-off-by: Fridolin Somers
---
 plugins/plugins-enable.pl | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/plugins/plugins-enable.pl b/plugins/plugins-enable.pl
index 146fae96ad..79cd88af88 100755
--- a/plugins/plugins-enable.pl
+++ b/plugins/plugins-enable.pl
@@ -27,8 +27,11 @@ die("Koha plugins are disabled!") unless C4::Context->config("enable_plugins");
 my $input = CGI->new;
-my ( $auth_status ) =
- check_cookie_auth( $input->cookie('CGISESSID'), { plugins => 'manage' } );
+my ( $auth_status ) = check_cookie_auth( $input->cookie('CGISESSID'), { plugins => 'manage' } );
+if( $auth_status ne 'ok' ) {
+ print CGI::header( '-status' => '401' );
+ exit 0;
+}
 my $class = $input->param('class');
 my $method = $input->param('method');
--
2.39.5
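Review bot: The new guard after `check_cookie_auth` authenticates the caller only by the `CGISESSID` cookie, and the `class`/`method` parameters read right below it still arrive on a plain GET (as in the test-plan URL), so nothing visible in this hunk stops a cross-site request from changing plugin state in a logged-in staff member's browser. Before `my $class = ...` the script should reject non-POST requests, e.g. `if ( $input->request_method ne 'POST' ) { print CGI::header( '-status' => '405' ); exit 0; }`, and verify a session-bound CSRF token. The rest of the script lies outside the hunk, so if `$method` is handed to a generic dispatcher it should also be compared against the expected values first. A short comment above the guard, `# Stop here unless the session is valid and carries the plugins => manage permission`, would record why the script exits early.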