Bug 6641 -- Specially crafted URL can allow unauthorized download of MARC files from...

Making sure permissions are checked on download of MARC files from staff client

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

diff --git a/catalogue/export.pl b/catalogue/export.pl
index 9bd49de..3efdb21 100755 (executable)
--- a/catalogue/export.pl
+++ b/catalogue/export.pl
@@ -8,9 +8,19 @@ use C4::Auth;
 use C4::Output;
 use C4::Biblio;
 use CGI;
-use C4::Auth;
+
+
 
 my $query = new CGI;
+my ( $template, $loggedinuser, $cookie ) = get_template_and_user({
+                                                                     template_name   => "tools/export.tt",
+                                                                     query           => $query,
+                                                                     type            => "intranet",
+                                                                     authnotrequired => 0,
+                                                                     flagsrequired   => { tools => 'export_catalog' },
+                                                                     debug           => 1,
+                                                                     });
+
 my $op=$query->param("op");
 my $format=$query->param("format");
 if ($op eq "export") {