https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37692 --- Comment #9 from Lari Taskula <lari.taskula@hypernova.fi> --- (In reply to Olli-Antti Kivilahti from comment #6)
The real question is, is this something that should be done, in this way, from a security-perspective? Obviously something needs to be done since the OPACSelfRegistration-feature doesnt work without this.
This page is protected by system preference "PatronSelfRegistration". In case it is disabled, the user is redirected to opac-main and from there to the login screen. The user is also redirected to the login screen if they present an invalid verification token. So a valid verification token is needed in order to temporarily bypass a disabled OpacPublic setting. Additionally, C4::Auth::checkauth has in the past accepted bypassing OpacPublic for this particular view. See https://github.com/Koha-Community/Koha/blob/6744b12d3ab4d9e33b22076c0e43b320... So I think your patch is okay. -- You are receiving this mail because: You are watching all bug changes.