(bug #2811)[3.2] fix opac-renew.pl part

This patch only fix a "security" failure that permit a user to renew his loan using directly the opac-renew.pl url.
Now, we check that opacrenewalallowed is set to on to permit the renewal in opac.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>

opac/opac-renew.pl

@@ -22,10 +22,11 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
 ); 
 my @items          = $query->param('item');
 my $borrowernumber = $query->param('borrowernumber') || $query->param('bornum');
+my $opacrenew = C4::Context->preference("OpacRenewalAllowed");
 
 for my $itemnumber ( @items ) {
     my ($status,$error) = CanBookBeRenewed( $borrowernumber, $itemnumber );
-    if ( $status == 1 ) {
+    if ( $status == 1 && $opacrenew == 1 ) {
         AddRenewal( $borrowernumber, $itemnumber );
     }
 }

opac/opac-user.pl

@@ -128,7 +128,7 @@ foreach my $issue ( @issue_list ) {
     my ($status,$renewerror) = CanBookBeRenewed( $borrowernumber, $issue->{'itemnumber'} );
 	($issue->{'renewcount'},$issue->{'renewsallowed'},$issue->{'renewsleft'}) = GetRenewCount($borrowernumber, $issue->{'itemnumber'});
 
-    $issue->{'status'} = $status;
+    $issue->{'status'} = $status || C4::Context->preference("OpacRenewalAllowed");
 
     if ( $issue->{'overdue'} ) {
         push @overdues, $issue;