[Koha-patches] [PATCH] C4/Auth.pm: $session->param('id') should be checked before being compared.
Sébastien Hinderer
Sebastien.Hinderer at ens-lyon.org
Mon Sep 28 11:49:13 CEST 2009
Without this check, a warning is printed to syslog when one visits an
URL such as
http://intranet/cgi-bin/koha/cataloguing/additem.pl?biblionumber=3000
without being logged in.
---
C4/Auth.pm | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/C4/Auth.pm b/C4/Auth.pm
index 7574f9e..3b1da9d 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -564,7 +564,7 @@ sub checkauth {
$sessiontype = $session->param('sessiontype');
}
- if ( ($query->param('koha_login_context')) && ($query->param('userid') ne $session->param('id')) ) {
+ if ( ($query->param('koha_login_context')) && ($session->param('id')) && ($query->param('userid') ne $session->param('id')) ) {
#if a user enters an id ne to the id in the current session, we need to log them in...
#first we need to clear the anonymous session...
$debug and warn "query id = " . $query->param('userid') . " but session id = " . $session->param('id');
--
1.6.3.3
More information about the Koha-patches
mailing list