[Koha-patches] [PATCH] Bug 6322 - It's possible to view lists/virtualshelves even when virtualshelves is off

[Owen Leonard]

If the user knows the URL for OPAC lists they can access them even with
the virtualshelves preference turned off. This patch copies the solution
added to opac-topissues.pl by Bug 10595 and applies it to OPAC lists
pages.

To test, apply the patch and set the virtualshelves system preference to
"don't allow."

- Navigate to /cgi-bin/koha/opac-shelves.pl. You should be redirected to
  an Error 404 page.
- Also check /cgi-bin/koha/opac-shareshelf.pl.
- Turn virtualshelves back on. Access to lists and list sharing should
  be restored.
---
 opac/opac-shareshelf.pl |    8 ++++++++
 opac/opac-shelves.pl    |    6 ++++++
 2 files changed, 14 insertions(+)

diff --git a/opac/opac-shareshelf.pl b/opac/opac-shareshelf.pl
index b12765b..fb5793e 100755
--- a/opac/opac-shareshelf.pl
+++ b/opac/opac-shareshelf.pl
@@ -34,6 +34,14 @@ use C4::Members ();
 use C4::Output;
 use C4::VirtualShelves;
 
+
+# if virtualshelves is disabled, leave immediately
+if ( ! C4::Context->preference('virtualshelves') ) {
+    my $query = new CGI;
+    print $query->redirect("/cgi-bin/koha/errors/404.pl");
+    exit;
+}
+
 #-------------------------------------------------------------------------------
 
 my $pvar = _init( {} );
diff --git a/opac/opac-shelves.pl b/opac/opac-shelves.pl
index e17e95f..b336e16 100755
--- a/opac/opac-shelves.pl
+++ b/opac/opac-shelves.pl
@@ -25,6 +25,12 @@ use C4::Auth;
 
 my $query = CGI->new();
 
+# if virtualshelves is disabled, leave immediately
+if ( ! C4::Context->preference('virtualshelves') ) {
+    print $query->redirect("/cgi-bin/koha/errors/404.pl");
+    exit;
+}
+
 my ( $template, $loggedinuser, $cookie ) = get_template_and_user({
         template_name   => "opac-shelves.tmpl",
         query           => $query,
-- 
1.7.9.5