This fixes the security issue in shelf editing that allowed any non-logged-in user
to modify them.
---
 C4/VirtualShelves.pm |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/C4/VirtualShelves.pm b/C4/VirtualShelves.pm
index b3e5b26..9c85602 100644
--- a/C4/VirtualShelves.pm
+++ b/C4/VirtualShelves.pm
@@ -476,7 +476,7 @@ sub ShelfPossibleAction {
        return 1 if ( $category >= 3);                                          
        # open list
     return 1 if (($category >= 2) and
                                defined($action) and $action eq 'view');        
# public list, anybody can view
-    return 1 if (($category >= 2) and defined($user) and 
($borrower->{authflags}->{superlibrarian} || $user == 0));    # public list, 
superlibrarian can edit/delete
+    return 1 if (($category >= 2) and defined($user) and 
($borrower->{authflags}->{superlibrarian}));  # public list, superlibrarian can 
edit/delete
     return 1 if (defined($user)  and $owner  eq $user );       # user owns 
this list.  Check last.
     return 0;
 }
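Review bot: The final ownership check, `$owner eq $user`, is still guarded only by `defined($user)`, and the removed `$user == 0` clause suggests that anonymous callers reach this function with `$user` defined as 0. If a list's owner can ever be stored as 0 or an empty value (not visible in this hunk), that comparison would still let an unauthenticated session edit or delete the list. Consider requiring a true user id there, for example `return 1 if ( $user and defined($owner) and $owner eq $user );`. `$borrower` and `$owner` are assigned before the hunk starts, so it is worth confirming there what they hold for an anonymous caller. A regression test asserting that user 0 gets 0 for a non-view action on a category 2 list would pin down the fix.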
-- 
1.6.0.4
