X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=opac%2Fopac-patron-image.pl;h=eab6abc0b76e270c4b0019974471137f9025d996;hb=9c5e40e4923179bf0b2b630d3e09797dc4c1fdb0;hp=1935beab0f9960cfd5acda123c7db2e34523c464;hpb=6eb021ab0e113e2b6b897c89475f1eadc7a2c15b;p=koha.git diff --git a/opac/opac-patron-image.pl b/opac/opac-patron-image.pl index 1935beab0f..eab6abc0b7 100755 --- a/opac/opac-patron-image.pl +++ b/opac/opac-patron-image.pl @@ -21,28 +21,24 @@ use strict; use warnings; use C4::Members; -use C4::Auth; -my $query = new CGI; +use CGI; +use CGI::Cookie; # need to check cookies before having CGI parse the POST request +use C4::Auth qw(:DEFAULT check_cookie_auth); -my ( $template, $borrowernumber, $cookie ) = get_template_and_user( - { - template_name => "opac-userupdate.tt", - query => $query, - type => "opac", - authnotrequired => 0, - flagsrequired => { borrow => 1 }, - debug => 1, - } -); +my $query = new CGI; unless (C4::Context->preference('OPACpatronimages')) { print $query->header(status => '403 Forbidden - displaying patron images in the OPAC not enabled'); exit; } -my ($borrower)=GetMember('borrowernumber' => $borrowernumber); -my $cardnumber = $borrower->{'cardnumber'}; -my ($imagedata, $dberror) = GetPatronImage($cardnumber); +my $needed_flags; +my %cookies = fetch CGI::Cookie; +my $sessid = $cookies{'CGISESSID'}->value; +my ($auth_status, $auth_sessid) = check_cookie_auth($sessid, $needed_flags); +my $borrowernumber = C4::Context->userenv->{'number'}; + +my ($imagedata, $dberror) = GetPatronImage($borrowernumber); if ($dberror) { print $query->header(status => '500 internal error');
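Review bot: `$auth_status` from `check_cookie_auth` is never tested in the added lines, so the script goes on to read `C4::Context->userenv->{'number'}` and call `GetPatronImage` even when the session is expired or invalid. Fail closed right after the call, for example `unless ($auth_status eq 'ok') { print $query->header(status => '403 Forbidden'); exit; }`. A request without a `CGISESSID` cookie also dies on `$cookies{'CGISESSID'}->value`, because the hash entry is undefined; `my $sessid = $cookies{'CGISESSID'} ? $cookies{'CGISESSID'}->value : undef;` avoids that. `$needed_flags` is declared but never assigned, while the removed `get_template_and_user` call asked for `flagsrequired => { borrow => 1 }`; if dropping that requirement is intended, a short comment should say so. The rest of the script lies outside this hunk, so a later check may exist that is not visible here.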