Bug 18349: SCO - Do not trust the confirmed flag
The "confirmed" flag is used to know if that user confirmed a situation that needs a confirmation. But if the issue/renew is impossible the CanBookBeIssued and the 'impossible flags' should be checked. Otherwise a patron can checkout and renew bypassing the circulation rules (Understand 'no limit' here...) Test plan: Want to renew? Checkin $barcode, then /cgi-bin/koha/sco/sco-main.pl?patronid=$cardnumber&barcode=$barcode&confirmed=1&op=checkout Want to bypass the checkin? Same url... Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This commit is contained in:
parent
2471dab71d
commit
85bd15a83f
1 changed files with 7 additions and 9 deletions
|
|
@ -137,7 +137,6 @@ elsif ( $op eq "returnbook" && $allowselfcheckreturns ) {
|
|||
elsif ( $op eq "checkout" ) {
|
||||
my $impossible = {};
|
||||
my $needconfirm = {};
|
||||
if ( !$confirmed ) {
|
||||
( $impossible, $needconfirm ) = CanBookBeIssued(
|
||||
$borrower,
|
||||
$barcode,
|
||||
|
|
@ -145,7 +144,6 @@ elsif ( $op eq "checkout" ) {
|
|||
0,
|
||||
C4::Context->preference("AllowItemsOnHoldCheckoutSCO")
|
||||
);
|
||||
}
|
||||
$confirm_required = scalar keys %$needconfirm;
|
||||
|
||||
#warn "confirm_required: " . $confirm_required ;
|
||||
|
|
|
|||
Loading…
Reference in a new issue