Bug 7180: (follow-up) require an authenticated session to use the AJAX authval dropbox

Signed-off-by: Galen Charlton <gmc@esilibrary.com>

diff --git a/acqui/ajax-getauthvaluedropbox.pl b/acqui/ajax-getauthvaluedropbox.pl
index a655e22..6f5d2d5 100755 (executable)
--- a/acqui/ajax-getauthvaluedropbox.pl
+++ b/acqui/ajax-getauthvaluedropbox.pl
@@ -50,6 +50,17 @@ use Modern::Perl;
 use CGI;
 use C4::Budgets;
 use C4::Charset;
+use C4::Auth qw/check_api_auth/;
+
+my $query = CGI->new();
+binmode STDOUT, ':encoding(UTF-8)';
+
+my ($status, $cookie, $sessionID) = check_api_auth($query, { catalogue => '*'} );
+unless ($status eq "ok") {
+    print $query->header(-type => 'text/plain', -status => '403 Forbidden');
+    print '<option></option>';
+    exit 0;
+}
 
 my $input = new CGI;
 my $name = $input->param('name');