Bug 8706 - Private lists can be accessed by anyone
author Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Fri, 31 Aug 2012 09:48:51 +0000 (11:48 +0200)
committer Paul Poulain <paul.poulain@biblibre.com>
Wed, 5 Sep 2012 13:29:51 +0000 (15:29 +0200)
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Confirmed private lists can be accessed directly before patch is
applied. After applying patch, I can no longer access the list
via the same url.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
C4/VirtualShelves.pm

index 25d092a..8c0b15e 100644 (file)
@@ -464,7 +464,7 @@ sub ShelfPossibleAction {
     $sth->execute($user, $shelfnumber);
     my $shelf= $sth->fetchrow_hashref;
 
-    return 0 unless $shelf && ($shelf->{category}==2 || $shelf->{owner}==$user || $shelf->{borrowernumber}==$user);
+    return 0 unless $shelf && ($shelf->{category}==2 || $shelf->{owner}==$user || ($user && $shelf->{borrowernumber}==$user));
     if($action eq 'view') {
         #already handled in the above condition
         return 1;
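
Review bot: On the changed `return 0 unless ...` line, the new `$user &&` guard covers only the `$shelf->{borrowernumber}==$user` comparison, while `$shelf->{owner}==$user` next to it is still evaluated when `$user` is undef or 0. In Perl, `==` treats undef as 0, so an anonymous caller would still match any shelf row whose `owner` is undef or 0, which is the same class of false match this change closes for `borrowernumber`. Consider hoisting the guard so it covers both identity checks, for example `$shelf->{category}==2 || ($user && ($shelf->{owner}==$user || $shelf->{borrowernumber}==$user))`, which also avoids numeric comparisons against undef under warnings. A short comment on that line explaining that an empty `$user` must never satisfy an ownership or share check, plus a regression test calling ShelfPossibleAction with an undefined user against a private list, would keep the condition from being loosened again later.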