Bug 5087: Add server-side check
[koha-equinox.git] / opac / opac-downloadshelf.pl
index f317f3c..011fd0c 100755 (executable)
@@ -75,6 +75,13 @@ if ( $shelf and $shelf->can_be_viewed( $borrowernumber ) ) {
 
        # CSV
         if ($format =~ /^\d+$/) {
+
+            my $csv_profile = Koha::CsvProfiles->find($format);
+            if ( not $csv_profile or $csv_profile->staff_only ) {
+                print $query->redirect('/cgi-bin/koha/errors/404.pl');
+                exit;
+            }
+
             my @biblios;
             while ( my $content = $contents->next ) {
                 push @biblios, $content->biblionumber;
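Review bot: The added guard at the top of the CSV branch has no comment explaining why a missing profile and a staff-only profile are handled identically, which is the security-relevant part: both get the same 404 redirect, so the response does not tell an OPAC user which profile ids exist but are restricted. I would put a comment above the `find` call, for example `# $format is caller-supplied: re-check the profile here and answer 404 for both "missing" and "staff only" so restricted ids are not revealed`. The refusal is also silent; if operators should be able to see attempts to use a staff-only profile, a `warn "CSV profile $format refused in OPAC list download";` before the redirect would leave a trail in the error log. Where `$format` comes from is not visible here (presumably a request parameter), and the enclosing `if ( $shelf and ... )` block begins and ends outside the hunk.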