X-Git-Url: http://koha-dev.rot13.org:8081/gitweb/?a=blobdiff_plain;f=opac%2Fopac-article-request-cancel.pl;h=e926a5f50669af3abf435922b370b5857d2bd881;hb=9d9ecdc49b4cb71aba99a7d7ca8bc89d426f7ca1;hp=baaa0ae7c9a6b4a1753f17f8be954c259b1afac8;hpb=81a04af27804621609004dc370284413baa5caa2;p=koha-ffzg.git

diff --git a/opac/opac-article-request-cancel.pl b/opac/opac-article-request-cancel.pl
index baaa0ae7c9..e926a5f506 100755
--- a/opac/opac-article-request-cancel.pl
+++ b/opac/opac-article-request-cancel.pl
@@ -22,26 +22,33 @@ use Modern::Perl;
 use CGI qw ( -utf8 );
 
 use C4::Output;
-use C4::Auth;
+use C4::Auth qw( get_template_and_user );
 use Koha::ArticleRequests;
 
-my $query = new CGI;
+my $query = CGI->new;
 
 my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
     {
         template_name   => "opac-account.tt",
         query           => $query,
         type            => "opac",
-        authnotrequired => 0,
-        debug           => 1,
     }
 );
 
 my $id = $query->param('id');
 
-if ( $id && $borrowernumber ) {
+if ( $id ) {
     my $ar = Koha::ArticleRequests->find( $id );
-    $ar->cancel() if $ar;
+    if ( !$ar ) {
+        print $query->redirect("/cgi-bin/koha/errors/404.pl");
+        exit;
+    }
+    elsif ( $ar->borrowernumber != $borrowernumber ) {
+        print $query->redirect("/cgi-bin/koha/errors/403.pl");
+        exit;
+    }
+
+    $ar->cancel();
 }
 
 print $query->redirect("/cgi-bin/koha/opac-user.pl#opac-user-article-requests");