A couple web services introduced in the patch series
lacked authentication checks.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
#!/usr/bin/perl
+use Modern::Perl;
use CGI;
use C4::Context;
use C4::Serials::Numberpattern;
+use C4::Auth qw/check_cookie_auth/;
use URI::Escape;
-use strict;
-use warnings;
my $input = new CGI;
+my ($auth_status, $sessionID) = check_cookie_auth($input->cookie('CGISESSID'), { serials => '*' });
+if ($auth_status ne "ok") {
+ print $input->header(-type => 'text/plain', -status => '403 Forbidden');
+ exit 0;
+}
+
my $numberpattern;
foreach (qw/ numberingmethod label1 label2 label3 add1 add2 add3
every1 every2 every3 setto1 setto2 setto3 whenmorethan1 whenmorethan2
#!/usr/bin/perl
+use Modern::Perl;
use CGI;
use C4::Serials::Numberpattern;
+use C4::Auth qw/check_cookie_auth/;
use URI::Escape;
-use strict;
-use warnings;
my $input=new CGI;
+
+my ($auth_status, $sessionID) = check_cookie_auth($input->cookie('CGISESSID'), { serials => '*' });
+if ($auth_status ne "ok") {
+ print $input->header(-type => 'text/plain', -status => '403 Forbidden');
+ exit 0;
+}
+
my $numpatternid=$input->param("numberpattern_id");
my $numberpatternrecord=GetSubscriptionNumberpattern($numpatternid);