koha-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Koha-cvs] koha pay.pl [rel_2_2]

From: paul poulain
Subject: [Koha-cvs] koha pay.pl [rel_2_2]
Date: Mon, 30 Apr 2007 10:18:50 +0000 
CVSROOT:        /cvsroot/koha
Module name:    koha
Branch:         rel_2_2
Changes by:     paul poulain <tipaul>   07/04/30 10:18:50

Modified files:
        .              : pay.pl 

Log message:
        moving template opening on the top, for permission checking (security 
fix)

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/koha/pay.pl?cvsroot=koha&only_with_tag=rel_2_2&r1=1.9.2.5&r2=1.9.2.6

Patches:
Index: pay.pl
===================================================================
RCS file: /cvsroot/koha/koha/Attic/pay.pl,v
retrieving revision 1.9.2.5
retrieving revision 1.9.2.6
diff -u -b -r1.9.2.5 -r1.9.2.6
--- pay.pl      5 Feb 2006 21:59:20 -0000       1.9.2.5
+++ pay.pl      30 Apr 2007 10:18:50 -0000      1.9.2.6
@@ -2,7 +2,7 @@
 # WARNING: Not enough context to figure out the correct tabstop size
 # WARNING: Assume that this file uses 4-character tabs
 
-# $Id: pay.pl,v 1.9.2.5 2006/02/05 21:59:20 kados Exp $
+# $Id: pay.pl,v 1.9.2.6 2007/04/30 10:18:50 tipaul Exp $
 
 #written 11/1/2000 by address@hidden
 #part of the koha library system, script to facilitate paying off fines
@@ -37,6 +37,15 @@
 
 my $input=new CGI;
 
+my($template, $loggedinuser, $cookie)
+    = get_template_and_user ({ template_name => "members/pay.tmpl",
+                    query => $input,
+                    type => "intranet",
+                    authnotrequired => 0,
+                    flagsrequired => {borrowers => 1},
+                    debug => 1,
+                    });
+
 #print $input->header;
 my $bornum=$input->param('bornum');
 if ($bornum eq ''){
@@ -80,14 +89,6 @@
 $env{'branchcode'}=$user;
 my $total=$input->param('total');
 if ($check ==0){
-       my($template, $loggedinuser, $cookie)
-               = get_template_and_user ({ template_name => "members/pay.tmpl",
-                                          query => $input,
-                                          type => "intranet",
-                                          authnotrequired => 0,
-                                          flagsrequired => {borrowers => 1},
-                                          debug => 1,
-                                        });
        if ($total ne ''){
                recordpayment(\%env,$bornum,$total);
        }
reply via email to
[Prev in Thread] Current Thread [Next in Thread]