Bug 14310 [QA Followup] - Use output_with_http_headers, return 403s

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>

diff --git a/svc/hold/resume b/svc/hold/resume
index 52f3508..ca7eec2 100755 (executable)
--- a/svc/hold/resume
+++ b/svc/hold/resume
@@ -23,6 +23,7 @@ use CGI;
 use JSON qw(to_json);
 
 use C4::Context;
+use C4::Output qw(output_with_http_headers);
 use C4::Auth qw(check_cookie_auth);
 use Koha::DateUtils qw(dt_from_string);
 use Koha::Holds;
@@ -30,25 +31,24 @@ use Koha::Holds;
 my $input = new CGI;
 
 my ( $auth_status, $sessionID ) =
-  check_cookie_auth( $input->cookie('CGISESSID'),
-    { circulate => 'circulate_remaining_permissions' } );
+  check_cookie_auth( $input->cookie('CGISESSID'), { circulate => 'circulate_remaining_permissions' } );
 
 if ( $auth_status ne "ok" ) {
+    print $input->header(-type => 'text/plain', -status => '403 Forbidden');
     exit 0;
 }
 
-binmode STDOUT, ":encoding(UTF-8)";
-print $input->header( -type => 'text/json', -charset => 'UTF-8' );
-
 my $reserve_id = $input->param('reserve_id');
 
 my $hold = Koha::Holds->find( $reserve_id );
 
 unless ( $hold ) {
-    print to_json( { success => 0, error => "HOLD_NOT_FOUND" } );
+    my $json = to_json( { success => 0, error => "HOLD_NOT_FOUND" } );
+    output_with_http_headers( $input, undef, $json, "json" );
     exit;
 }
 
 $hold->resume();
 
-print to_json( { success => !$hold->suspend() } );
+my $json = to_json( { success => !$hold->suspend() } );
+output_with_http_headers( $input, undef, $json, "json" );

diff --git a/svc/hold/suspend b/svc/hold/suspend
index bd5382b..371debc 100755 (executable)
--- a/svc/hold/suspend
+++ b/svc/hold/suspend
@@ -23,6 +23,7 @@ use CGI;
 use JSON qw(to_json);
 
 use C4::Context;
+use C4::Output qw(output_with_http_headers);
 use C4::Auth qw(check_cookie_auth);
 use Koha::DateUtils qw(dt_from_string);
 use Koha::Holds;
@@ -33,12 +34,10 @@ my ( $auth_status, $sessionID ) =
   check_cookie_auth( $input->cookie('CGISESSID'), { circulate => 'circulate_remaining_permissions' } );
 
 if ( $auth_status ne "ok" ) {
+    print $input->header(-type => 'text/plain', -status => '403 Forbidden');
     exit 0;
 }
 
-binmode STDOUT, ":encoding(UTF-8)";
-print $input->header( -type => 'text/json', -charset => 'UTF-8' );
-
 my $reserve_id = $input->param('reserve_id');
 
 my $suspend_until = $input->param('suspend_until') || undef;
@@ -46,17 +45,20 @@ if ($suspend_until) {
     eval { $suspend_until = dt_from_string($suspend_until) };
 
     if ($@) {
-        print to_json( { success => 0, error => 'INVALID_DATE' } );
+        my $json = to_json( { success => 0, error => 'INVALID_DATE' } );
+        output_with_http_headers( $input, undef, $json, "json" );
         exit;
     }
 }
 
 my $hold = Koha::Holds->find($reserve_id);
 unless ($hold) {
-    print to_json( { success => 0, error => 'HOLD_NOT_FOUND' } );
+    my $json = to_json( { success => 0, error => 'HOLD_NOT_FOUND' } );
+    output_with_http_headers( $input, undef, $json, "json" );
     exit;
 }
 
 $hold->suspend_hold($suspend_until);
 
-print to_json( { success => $hold->suspend() } );
+my $json = to_json( { success => $hold->suspend() } );
+output_with_http_headers( $input, undef, $json, "json" );