From 85bd15a83ffdab0c2e28eae54e50ce4dee9e608b Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Wed, 29 Mar 2017 18:25:40 -0300 Subject: [PATCH] Bug 18349: SCO - Do not trust the confirmed flag The "confirmed" flag is used to know if that user confirmed a situation that needs a confirmation. But if the issue/renew is impossible the CanBookBeIssued and the 'impossible flags' should be checked. Otherwise a patron can checkout and renew bypassing the circulation rules (Understand 'no limit' here...) Test plan: Want to renew? Checkin $barcode, then /cgi-bin/koha/sco/sco-main.pl?patronid=$cardnumber&barcode=$barcode&confirmed=1&op=checkout Want to bypass the checkin? Same url... Signed-off-by: Nick Clemens Signed-off-by: Kyle M Hall --- opac/sco/sco-main.pl | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/opac/sco/sco-main.pl b/opac/sco/sco-main.pl index b313df9aee..0486dd43b7 100755 --- a/opac/sco/sco-main.pl +++ b/opac/sco/sco-main.pl @@ -137,15 +137,13 @@ elsif ( $op eq "returnbook" && $allowselfcheckreturns ) { elsif ( $op eq "checkout" ) { my $impossible = {}; my $needconfirm = {}; - if ( !$confirmed ) { - ( $impossible, $needconfirm ) = CanBookBeIssued( - $borrower, - $barcode, - undef, - 0, - C4::Context->preference("AllowItemsOnHoldCheckoutSCO") - ); - } + ( $impossible, $needconfirm ) = CanBookBeIssued( + $borrower, + $barcode, + undef, + 0, + C4::Context->preference("AllowItemsOnHoldCheckoutSCO") + ); $confirm_required = scalar keys %$needconfirm; #warn "confirm_required: " . $confirm_required ;