[Koha-patches] [PATCH] Bug 6322 - It's possible to view lists/virtualshelves even when virtualshelves is off
Owen Leonard
oleonard at myacpl.org
Wed Apr 23 19:08:40 CEST 2014
If the user knows the URL for OPAC lists they can access them even with
the virtualshelves preference turned off. This patch copies the solution
added to opac-topissues.pl by Bug 10595 and applies it to OPAC lists
pages.
To test, apply the patch and set the virtualshelves system preference to
"don't allow."
- Navigate to /cgi-bin/koha/opac-shelves.pl. You should be redirected to
an Error 404 page.
- Also check /cgi-bin/koha/opac-shareshelf.pl.
- Turn virtualshelves back on. Access to lists and list sharing should
be restored.
---
opac/opac-shareshelf.pl | 8 ++++++++
opac/opac-shelves.pl | 6 ++++++
2 files changed, 14 insertions(+)
diff --git a/opac/opac-shareshelf.pl b/opac/opac-shareshelf.pl
index b12765b..fb5793e 100755
--- a/opac/opac-shareshelf.pl
+++ b/opac/opac-shareshelf.pl
@@ -34,6 +34,14 @@ use C4::Members ();
use C4::Output;
use C4::VirtualShelves;
+
+# if virtualshelves is disabled, leave immediately
+if ( ! C4::Context->preference('virtualshelves') ) {
+ my $query = new CGI;
+ print $query->redirect("/cgi-bin/koha/errors/404.pl");
+ exit;
+}
+
#-------------------------------------------------------------------------------
my $pvar = _init( {} );
diff --git a/opac/opac-shelves.pl b/opac/opac-shelves.pl
index e17e95f..b336e16 100755
--- a/opac/opac-shelves.pl
+++ b/opac/opac-shelves.pl
@@ -25,6 +25,12 @@ use C4::Auth;
my $query = CGI->new();
+# if virtualshelves is disabled, leave immediately
+if ( ! C4::Context->preference('virtualshelves') ) {
+ print $query->redirect("/cgi-bin/koha/errors/404.pl");
+ exit;
+}
+
my ( $template, $loggedinuser, $cookie ) = get_template_and_user({
template_name => "opac-shelves.tmpl",
query => $query,
--
1.7.9.5
More information about the Koha-patches
mailing list