-my $biblio = GetBiblioData($biblionumber);
-my $savedreview = getreview($biblionumber,$borrowernumber);
-my ($clean, @errors);
-if (defined $review) {
+my ( $clean, @errors, $savedreview );
+my $biblio = Koha::Biblios->find( $biblionumber );
+
+if( !$biblio ) {
+ push @errors, { nobiblio => 1 };
+} elsif( $reviewid ) { # edit existing one, check on creator
+ $savedreview = Koha::Reviews->search({ reviewid => $reviewid, borrowernumber => $borrowernumber })->next;
+ push @errors, { unauthorized => 1 } if !$savedreview;
+} else { # this check prevents adding multiple comments
+ # FIXME biblionumber, borrowernumber should be a unique key of reviews
+ $savedreview = Koha::Reviews->search({ biblionumber => $biblionumber, borrowernumber => $borrowernumber })->next;
+ $review = $savedreview? $savedreview->review: $review;
+}
+
+if( !@errors && defined $review ) {