[Koha-patches] [PATCH] (bug #3238) fix the shelf edition in opac
Nahuel ANGELINETTI
nahuel.angelinetti at biblibre.com
Wed May 20 17:02:51 CEST 2009
This fix the security issue about shelf edition that allow any non-logged user to modify them.
---
C4/VirtualShelves.pm | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/C4/VirtualShelves.pm b/C4/VirtualShelves.pm
index b3e5b26..9c85602 100644
--- a/C4/VirtualShelves.pm
+++ b/C4/VirtualShelves.pm
@@ -476,7 +476,7 @@ sub ShelfPossibleAction {
return 1 if ( $category >= 3); # open list
return 1 if (($category >= 2) and
defined($action) and $action eq 'view'); # public list, anybody can view
- return 1 if (($category >= 2) and defined($user) and ($borrower->{authflags}->{superlibrarian} || $user == 0)); # public list, superlibrarian can edit/delete
+ return 1 if (($category >= 2) and defined($user) and ($borrower->{authflags}->{superlibrarian})); # public list, superlibrarian can edit/delete
return 1 if (defined($user) and $owner eq $user ); # user owns this list. Check last.
return 0;
}
--
1.6.0.4
More information about the Koha-patches
mailing list