Bug 18275: Do not rely on CGI param userid to log a user in if auth is not required
[koha.git] / admin / fieldmapping.pl
1 #!/usr/bin/perl
2 # Copyright 2009 SARL BibLibre
4 # This file is part of Koha.
6 # Koha is free software; you can redistribute it and/or modify it
7 # under the terms of the GNU General Public License as published by
8 # the Free Software Foundation; either version 3 of the License, or
9 # (at your option) any later version.
11 # Koha is distributed in the hope that it will be useful, but
12 # WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
16 # You should have received a copy of the GNU General Public License
17 # along with Koha; if not, see <http://www.gnu.org/licenses>.
19 use strict;
20 use warnings;
21 use CGI qw ( -utf8 );
22 use C4::Auth;
23 use C4::Biblio;
24 use C4::Koha;
25 use C4::Output;
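# Request object; every value read from it below is client-controlled input.
# Direct method call replaces the indirect-object form "new CGI", whose parse
# depends on which subs happen to be in scope.
my $query = CGI->new;

# Framework code the mappings belong to; a missing or false value becomes "".
my $framework = $query->param('framework') || "";

# Fields of the "add mapping" form. They are taken as-is and only tested for
# truthiness before use further down, so any validation has to happen in the
# functions they are passed to.
my $field        = $query->param('fieldname');
my $fieldcode    = $query->param('marcfield');
my $subfieldcode = $query->param('marcsubfield');

# Requested operation ("delete" is the only value this script checks for) and
# the id of the mapping it applies to.
my $op = $query->param('op') || q{};
my $id = $query->param('id');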
# Load the template and resolve the session. authnotrequired => 0 plus
# flagsrequired asks C4::Auth to admit only an authenticated user holding the
# parameters_remaining_permissions sub-permission of "parameters"; the
# enforcement itself happens inside get_template_and_user, not in this script.
my %auth_args = (
    template_name   => "admin/fieldmapping.tt",
    query           => $query,
    type            => "intranet",
    authnotrequired => 0,
    flagsrequired   => { parameters => 'parameters_remaining_permissions' },
    debug           => 1,
);
my ( $template, $loggedinuser, $cookie ) = get_template_and_user( \%auth_args );
# Build the framework selector: one row per known framework, with the row whose
# code equals the request's framework parameter flagged as selected.
my $frameworks = getframeworks();
my @frameworkloop;
my $selected;
my $frameworktext;
for my $code ( keys %$frameworks ) {
    my $label = $frameworks->{$code}->{'frameworktext'};

    $selected = $code eq $framework ? 1 : 0;

    # Keep the label of the selected framework for the template; it stays
    # undef when the requested code matches no known framework.
    $frameworktext = $label if $selected;

    push @frameworkloop,
      {
        value         => $code,
        selected      => $selected,
        frameworktext => $label,
      };
}
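# Delete operation: remove the mapping named by "id", then redirect back to the
# listing for the same framework.
# NOTE(review): this state change is driven purely by request parameters and no
# anti-CSRF token check is visible in this script. Confirm one is enforced
# elsewhere, or require a token and a POST request here.
if ( $op eq "delete" and $id ) {
    DeleteFieldMapping($id);

    # $framework is client-supplied: URL-encode it so it cannot append extra
    # query parameters or otherwise alter the redirect target.
    print $query->redirect(
        "/cgi-bin/koha/admin/fieldmapping.pl?framework=" . CGI::escape($framework) );
    exit;
}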
# Insert operation: runs on any request that carries both a field name and a
# MARC field code; the subfield code is passed along without being required.
# NOTE(review): there is no check of $op, the request method or a CSRF token
# before this write, and the values reach SetFieldMapping unvalidated. Confirm
# that SetFieldMapping binds them as query parameters and that request forgery
# is handled elsewhere.
SetFieldMapping( $framework, $field, $fieldcode, $subfieldcode )
  if $field and $fieldcode;
# Mappings for the chosen framework, fetched after the insert step so the
# listing includes a mapping added by this same request.
my $fieldloop = GetFieldMapping($framework);

# NOTE(review): framework is echoed straight from the request parameter; the
# template is presumably responsible for HTML-escaping it. Confirm.
my %template_vars = (
    frameworkloop => \@frameworkloop,
    framework     => $framework,
    frameworktext => $frameworktext,
    fields        => $fieldloop,
);
$template->param(%template_vars);

# Emit the rendered page together with the session cookie from C4::Auth.
output_html_with_http_headers( $query, $cookie, $template->output );