https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40275 --- Comment #19 from David Cook <dcook@prosentient.com.au> --- (In reply to Aleisha Amohia from comment #13)
(In reply to David Cook from comment #12)
Do you have some examples of some other places?
There are a number of places where I think we should actually be moving to using borrowernumber instead of cardnumber/userid, so some places might need that fix instead of this one? (For example bug 34018 or bug 39535)
I started making that list, and then stopped because I had the same thought about using borrowernumber instead, and being out of scope.
But as an example, there is this instance in C4::Auth->check_cookie_auth() that I'm not sure about?
1943 } elsif ($userid) { 1944 $session->param( 'lasttime', time() ); 1945 my $patron = Koha::Patrons->find( { userid => $userid } ); 1946 1947 # If the user modify their own userid 1948 # Better than 500 but we could do better 1949 unless ($patron) { 1950 $session->delete(); 1951 $session->flush; 1952 return ( "expired", undef ); 1953 } 1954 1955 $patron = Koha::Patrons->find( { cardnumber => $userid } ) 1956 unless $patron;
Yeah, I'm pretty sure this is one of those places we should be using borrowernumber (ie $session->param('number') rather than the userid in $session->param('id')) instead. The current lookup by userid and cardnumber there is... not good. -- You are receiving this mail because: You are watching all bug changes.