koha-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Koha-cvs] koha/C4 Circulation.pm

From: Bruno Toumi
Subject: [Koha-cvs] koha/C4 Circulation.pm
Date: Fri, 11 May 2007 14:49:54 +0000 
CVSROOT:        /cvsroot/koha
Module name:    koha
Changes by:     Bruno Toumi <btoumi>    07/05/11 14:49:54

Modified files:
        C4             : Circulation.pm 

Log message:
        add security for the item barcode

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/koha/C4/Circulation.pm?cvsroot=koha&r1=1.23&r2=1.24

Patches:
Index: Circulation.pm
===================================================================
RCS file: /cvsroot/koha/koha/C4/Circulation.pm,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -b -r1.23 -r1.24
--- Circulation.pm      10 May 2007 15:56:53 -0000      1.23
+++ Circulation.pm      11 May 2007 14:49:54 -0000      1.24
@@ -17,7 +17,7 @@
 # Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
 # Suite 330, Boston, MA  02111-1307 USA
 
-# $Id: Circulation.pm,v 1.23 2007/05/10 15:56:53 btoumi Exp $
+# $Id: Circulation.pm,v 1.24 2007/05/11 14:49:54 btoumi Exp $
 
 use strict;
 require Exporter;
@@ -43,7 +43,7 @@
 use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
 
 # set the version for version checking
-$VERSION = do { my @v = '$Revision: 1.23 $' =~ /\d+/g; shift(@v).".".join( 
"_", map { sprintf "%03d", $_ } @v ); };
+$VERSION = do { my @v = '$Revision: 1.24 $' =~ /\d+/g; shift(@v).".".join( 
"_", map { sprintf "%03d", $_ } @v ); };
 
 =head1 NAME
 
@@ -855,7 +855,8 @@
     my ( $borrower, $barcode, $date, $cancelreserve ) = @_;
     
     my $dbh = C4::Context->dbh;
-if ($borrower and $barcode){
+my $barcodecheck=CheckValidBarcode($barcode);
+if ($borrower and $barcode and $barcodecheck ne '0'){
 #   my ($borrower, $flags) = &GetMemberDetails($borrowernumber, 0);
     # find which item we issue
     my $item = GetItem('', $barcode);
@@ -2002,6 +2003,20 @@
 return $countspecial;
 }
 
+sub CheckValidBarcode{
+my ($barcode) = @_;
+my $dbh = C4::Context->dbh;
+my $query=qq|SELECT count(*) 
+            FROM items 
+             WHERE barcode=?
+           |;
+my $sth = $dbh->prepare($query);
+$sth->execute($barcode);
+my $exist=$sth->fetchrow ;
+$sth->finish;
+return $exist;
+}
+
 1;
 
 __END__
reply via email to
[Prev in Thread] Current Thread [Next in Thread]