Bug 20701: Add csrf protection to mancredit.pl

[koha.git] / members / update-child.pl

diff --git a/members/update-child.pl b/members/update-child.pl
index 5d50d93..cc942e2 100755 (executable)
--- a/members/update-child.pl
+++ b/members/update-child.pl
@@ -26,13 +26,13 @@
 
 =cut
 
-use strict;
-#use warnings; FIXME - Bug 2505
+use Modern::Perl;
 use CGI qw ( -utf8 );
 use C4::Context;
 use C4::Auth;
 use C4::Output;
 use C4::Members;
+use Koha::Patrons;
 use Koha::Patron::Categories;
 
 # use Smart::Comments;
@@ -46,7 +46,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
         query           => $input,
         type            => "intranet",
         authnotrequired => 0,
-        flagsrequired   => { borrowers => 1 },
+        flagsrequired   => { borrowers => 'edit_borrowers' },
         debug           => 1,
     }
 );
@@ -57,6 +57,8 @@ my $cattype        = $input->param('cattype');
 my $catcode_multi = $input->param('catcode_multi');
 my $op             = $input->param('op');
 
+my $logged_in_user = Koha::Patrons->find( $loggedinuser ) or die "Not logged in";
+
 if ( $op eq 'multi' ) {
     # FIXME - what are the possible upgrade paths?  C -> A , C -> S ...
     #   currently just allowing C -> A
@@ -71,7 +73,10 @@ if ( $op eq 'multi' ) {
 }
 
 elsif ( $op eq 'update' ) {
-    my $member = GetMember('borrowernumber'=>$borrowernumber);
+    my $patron         = Koha::Patrons->find( $borrowernumber );
+    output_and_exit_if_error( $input, $cookie, $template, { module => 'members', logged_in_user => $logged_in_user, current_patron => $patron } );
+
+    my $member = $patron->unblessed;
     $member->{'guarantorid'}  = 0;
     $member->{'categorycode'} = $catcode;
     my $borcat = Koha::Patron::Categories->find($catcode);