Previously GetAllIssues was called before authenticating. Given how expensive
GetAllIssues is, this is problematic and could be used for used for DOSing the
server. There should be no functional change from this patch.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
my $borrowernumber = undef;
my $cardnumber = undef;
my $borrowernumber = undef;
my $cardnumber = undef;
+my ($template, $loggedinuser, $cookie)= get_template_and_user({template_name => "members/readingrec.tmpl",
+ query => $input,
+ type => "intranet",
+ authnotrequired => 0,
+ flagsrequired => {borrowers => 1},
+ debug => 1,
+ });
+
if ($input->param('cardnumber')) {
$cardnumber = $input->param('cardnumber');
$data = GetMember(cardnumber => $cardnumber);
if ($input->param('cardnumber')) {
$cardnumber = $input->param('cardnumber');
$data = GetMember(cardnumber => $cardnumber);
my $limit = 0;
my ( $issues ) = GetAllIssues($borrowernumber,$order,$limit);
my $limit = 0;
my ( $issues ) = GetAllIssues($borrowernumber,$order,$limit);
-my ($template, $loggedinuser, $cookie)= get_template_and_user({template_name => "members/readingrec.tmpl",
- query => $input,
- type => "intranet",
- authnotrequired => 0,
- flagsrequired => {borrowers => 1},
- debug => 1,
- });
-
my @loop_reading;
foreach my $issue (@{$issues}){
my @loop_reading;
foreach my $issue (@{$issues}){