https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28660

--- Comment #11 from David Cook <dc...@prosentient.com.au> ---
(In reply to Marcel de Rooy from comment #10)
>     || ( C4::Context->preference('AutoSelfCheckID')
>     && $q_userid eq C4::Context->preference('AutoSelfCheckID') )
> 
> Feels to me that this would need some additional checks?
> Like AutoSelfCheckAllowed enabled?

I was thinking that too. 

> Are we here in a self checkout context? 

Yes.

> Elsewhere I see matches for the
> template name? Or $query->param('koha_login_context') ne 'sco' ?

Oh interesting. I do see in sco-main.pl the following within a check for
AutoSelfCheckAllowed:
$query->param(-name=>'koha_login_context',-values=>['sco']);

That said, that's a user-provided value, so technically you could easily use it
to circumvent the protection that we added...

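The point about koha_login_context being user-provided, as an added example that is not part of the original comment and is not Koha code. The %pref hash stands in for C4::Context->preference, and the function names, the 'sco_user' value and the 'opac' context label are hypothetical. Passing the context from the calling script is an assumption about one possible alternative, not the fix chosen on the bug.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for the system preferences (values are made up).
my %pref = ( AutoSelfCheckAllowed => 1, AutoSelfCheckID => 'sco_user' );

# Check keyed on the request parameter: whoever builds the request
# also chooses the value of koha_login_context.
sub blocked_by_request_param {
    my ( $userid, $params ) = @_;
    return 0 unless $pref{AutoSelfCheckID} && $userid eq $pref{AutoSelfCheckID};
    my $context = $params->{koha_login_context} // '';
    return $context ne 'sco' ? 1 : 0;
}

# Assumed alternative: the calling script states its own context in code,
# so nothing in the request can change it.
sub blocked_by_server_context {
    my ( $userid, $server_context ) = @_;
    return 0 unless $pref{AutoSelfCheckID} && $userid eq $pref{AutoSelfCheckID};
    return 0 if $pref{AutoSelfCheckAllowed} && $server_context eq 'sco';
    return 1;
}

# Constructed requests: [ label, context known to the script, request params ]
my @cases = (
    [ 'self-checkout page sets the parameter', 'sco',  { koha_login_context => 'sco' } ],
    [ 'other page, no parameter',              'opac', {} ],
    [ 'other page, client adds the parameter', 'opac', { koha_login_context => 'sco' } ],
);

for my $case (@cases) {
    my ( $label, $server_context, $params ) = @$case;
    printf "%-40s param check blocked=%d  server check blocked=%d\n",
        $label,
        blocked_by_request_param( $pref{AutoSelfCheckID}, $params ),
        blocked_by_server_context( $pref{AutoSelfCheckID}, $server_context );
}
```

The third case is the one the comment describes: the two checks disagree only when the parameter arrives from the client on a page that is not the self-checkout.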