[Koha-bugs] [Bug 28660] Self checkout is not automatically logging in
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Jul 8 01:45:52 CEST 2021
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28660
--- Comment #11 from David Cook <dcook at prosentient.com.au> ---
(In reply to Marcel de Rooy from comment #10)
> || ( C4::Context->preference('AutoSelfCheckID')
> && $q_userid eq C4::Context->preference('AutoSelfCheckID') )
>
> Feels to me that this would need some additional checks?
> Like AutoSelfCheckAllowed enabled?
I was thinking that too.
> Are we here in a self checkout context?
Yes.
> Elsewhere I see matches for the
> template name? Or $query->param('koha_login_context') ne 'sco' ?
Oh interesting. I do see in sco-main.pl the following within a check for
AutoSelfCheckAllowed:
$query->param(-name=>'koha_login_context',-values=>['sco']);
That said, that's a user-provided value, so technically you could easily use it
to circumvent the protection that we added...
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list