https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28660 --- Comment #11 from David Cook <dcook@prosentient.com.au> --- (In reply to Marcel de Rooy from comment #10)
|| ( C4::Context->preference('AutoSelfCheckID') && $q_userid eq C4::Context->preference('AutoSelfCheckID') )
Feels to me that this would need some additional checks? Like AutoSelfCheckAllowed enabled?
I was thinking that too.
Are we here in a self checkout context?
Yes.
Elsewhere I see matches for the template name? Or $query->param('koha_login_context') ne 'sco' ?
Oh interesting. I do see in sco-main.pl the following within a check for AutoSelfCheckAllowed: $query->param(-name=>'koha_login_context',-values=>['sco']); That said, that's a user-provided value, so technically you could easily use it to circumvent the protection that we added... -- You are receiving this mail because: You are watching all bug changes.