Bug 13917: OPAC: Putting holds still possible by URL even if turned off by system preference
To test: 1) Prepare an URL that put's a hold in OPAC (see comment #1), e.g. [YOUR SERVER]/cgi-bin/koha/opac-reserve.pl?biblionumbers=1 2) Set system preference 'RequestOnOpac' to 'Don't allow patrons to place holds on items from the OPAC.' 3) Go diectly to this URL. Result: The page displays to confirm hold (wrong) 4) Apply patch 5) Repeat step 3 Result: Redirect to 404 page (OK) 6) Set system preference to "Allow" 7) Repeat step 3 Result: The page displays to confirm hold (OK), like it would be from link in OPAC. Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This commit is contained in:
Marc Véron
parent
832fa0987b
commit
20dc9ce5a1
1 changed files with 7 additions and 0 deletions
|
|
@ -42,6 +42,13 @@ use Date::Calc qw/Today Date_to_Days/;
|
|||
my $maxreserves = C4::Context->preference("maxreserves");
|
||||
|
||||
my $query = new CGI;
|
||||
|
||||
# if RequestOnOpac (for placing holds) is disabled, leave immediately
|
||||
if ( ! C4::Context->preference('RequestOnOpac') ) {
|
||||
print $query->redirect("/cgi-bin/koha/errors/404.pl");
|
||||
exit;
|
||||
}
|
||||
|
||||
my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
|
||||
{
|
||||
template_name => "opac-reserve.tt",
|
||||
|
|
|
|||
Loading…
Reference in a new issue