https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37692
--- Comment #9 from Lari Taskula <[email protected]> ---
(In reply to Olli-Antti Kivilahti from comment #6)
> The real question is, is this something that should be done, in this way,
> from a security-perspective?
> Obviously something needs to be done since the OPACSelfRegistration-feature
> doesn't work without this.

This page is protected by system preference "PatronSelfRegistration". In case it is disabled, the user is redirected to opac-main and from there to the login screen. The user is also redirected to the login screen if they present an invalid verification token. So a valid verification token is needed in order to temporarily bypass a disabled OpacPublic setting.

Additionally, C4::Auth::checkauth has in the past accepted bypassing OpacPublic for this particular view.

See https://github.com/Koha-Community/Koha/blob/6744b12d3ab4d9e33b22076c0e43b32070efa20c/C4/Auth.pm#L835

So I think your patch is okay.
