X-Git-Url: http://koha-dev.rot13.org:8081/gitweb/?a=blobdiff_plain;f=admin%2Fimport_export_framework.pl;h=2a95c45014205c1e3c0a9ce0f3b7490b533d8c1d;hb=d8b7e635e01175bcb4c90777ee3e080d4301db79;hp=8674ebf61962dfc432e453336a5b3e1ec2f7a06d;hpb=7aa3a055914d4c8757455898208848619f5aaec5;p=koha_fer
diff --git a/admin/import_export_framework.pl b/admin/import_export_framework.pl
index 8674ebf619..2a95c45014 100755
--- a/admin/import_export_framework.pl
+++ b/admin/import_export_framework.pl
@@ -21,11 +21,31 @@ use strict;
 use warnings;
 use CGI;
+use CGI::Cookie;
 use C4::Context;
+use C4::Auth qw/check_cookie_auth/;
 use C4::ImportExportFramework;
+my %cookies = CGI::Cookie->fetch();
+my $authenticated = 0;
+my ($auth_status, $sessionID);
+if (exists $cookies{'CGISESSID'}) {
+ ($auth_status, $sessionID) = check_cookie_auth(
+ $cookies{'CGISESSID'}->value,
+ { parameters => 'parameters_remaining_permissions' },
+ );
+}
+if ($auth_status eq 'ok') {
+ $authenticated = 1;
+}
+
 my $input = new CGI;
+unless ($authenticated) {
+ print $input->header(-type => 'text/plain', -status => '403 Forbidden');
+ exit 0;
+}
+
 my $frameworkcode = $input->param('frameworkcode') || '';
 my $action = $input->param('action') || 'export';
@@ -38,10 +58,6 @@ if ($action eq 'export' && $input->request_method() eq 'GET') {
 # CSV file
 print $input->header(-type => 'application/vnd.ms-excel', -attachment => 'export_' . $frameworkcode . '.csv');
 print $strXml;
- } elsif ($format eq 'sql') {
- # SQL file
- print $input->header(-type => 'text/plain', -attachment => 'export_' . $frameworkcode . '.sql');
- print $strXml;
 } elsif ($format eq 'excel') {
 # Excel-xml file
 print $input->header(-type => 'application/excel', -attachment => 'export_' . $frameworkcode . '.xml');
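Review bot: `$auth_status` is still undef at `if ($auth_status eq 'ok')` when the request carries no `CGISESSID` cookie, so every unauthenticated hit emits an "uninitialized value" warning under `use warnings` before the 403 is sent. Declaring `my $auth_status = '';` or testing `if (defined $auth_status && $auth_status eq 'ok')` keeps the deny path quiet, and the separate `$authenticated` flag could then be dropped by testing the status directly in the `unless`. The gate also admits the import action on the strength of the session cookie alone; no anti-CSRF token check is visible in this hunk, so it is worth confirming one exists for the upload POST.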
@@ -59,7 +75,7 @@ if ($action eq 'export' && $input->request_method() eq 'GET') {
 my $fieldname = 'file_import_' . $frameworkcode;
 my $filename = $input->param($fieldname);
 # upload the input file
- if ($filename && $filename =~ /\.(csv|ods|xml|sql)$/i) {
+ if ($filename && $filename =~ /\.(csv|ods|xml)$/i) {
 my $extension = $1;
 my $uploadFd = $input->upload($fieldname);
 if ($uploadFd && !$input->cgi_error) {
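Review bot: The extension test `/\.(csv|ods|xml)$/i` runs against the client-supplied filename, and `$` also matches before a trailing newline, so `\z` is the stricter anchor: `if ($filename && $filename =~ /\.(csv|ods|xml)\z/i) {`. The name only selects which reader handles the upload; the content is not verified here, so the csv/ods/xml import code still has to treat the file as untrusted. Dropping `sql` from this pattern refuses it at the CGI layer only; presumably the SQL import path in C4::ImportExportFramework should be removed or rejected there as well, which this hunk does not show. The enclosing import branch starts and ends outside the hunk.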