This patch only fix a "security" failure that permit a user to renew his loan
using directly the opac-renew.pl url.
Now, we check that opacrenewalallowed is set to on to permit the renewal in
opac.
---
opac/opac-renew.pl | 3 ++-
opac/opac-user.pl | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/opac/opac-renew.pl b/opac/opac-renew.pl
index 5eb9761..88bbacb 100755
--- a/opac/opac-renew.pl
+++ b/opac/opac-renew.pl
@@ -22,10 +22,11 @@ my ( $template, $borrowernumber, $cookie ) =
get_template_and_user(
);
my @items = $query->param('item');
my $borrowernumber = $query->param('borrowernumber') ||
$query->param('bornum');
+my $opacrenew = C4::Context->preference("OpacRenewalAllowed");
for my $itemnumber ( @items ) {
my ($status,$error) = CanBookBeRenewed( $borrowernumber, $itemnumber );
- if ( $status == 1 ) {
+ if ( $status == 1 && $opacrenew == 1 ) {
AddRenewal( $borrowernumber, $itemnumber );
}
}
diff --git a/opac/opac-user.pl b/opac/opac-user.pl
index dd69072..95d252d 100755
--- a/opac/opac-user.pl
+++ b/opac/opac-user.pl
@@ -128,7 +128,7 @@ foreach my $issue ( @issue_list ) {
my ($status,$renewerror) = CanBookBeRenewed( $borrowernumber,
$issue->{'itemnumber'} );
($issue->{'renewcount'},$issue->{'renewsallowed'},$issue->{'renewsleft'}) =
GetRenewCount($borrowernumber, $issue->{'itemnumber'});
- $issue->{'status'} = $status;
+ $issue->{'status'} = $status ||
C4::Context->preference("OpacRenewalAllowed");
if ( $issue->{'overdue'} ) {
push @overdues, $issue;
--
1.5.6.3
_______________________________________________
Koha-patches mailing list
[email protected]
http://lists.koha.org/mailman/listinfo/koha-patches
