From 90fe0170f23a3932388fb1ec85a55b8424289a99 Mon Sep 17 00:00:00 2001 From: Nahuel ANGELINETTI Date: Wed, 7 Jan 2009 14:33:23 +0100 Subject: [PATCH] (bug #2811)[3.2] fix opac-renew.pl part This patch only fix a "security" failure that permit a user to renew his loan using directly the opac-renew.pl url. Now, we check that opacrenewalallowed is set to on to permit the renewal in opac. Signed-off-by: Galen Charlton --- opac/opac-renew.pl | 3 ++- opac/opac-user.pl | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/opac/opac-renew.pl b/opac/opac-renew.pl index 5eb97614c8..88bbacbe72 100755 --- a/opac/opac-renew.pl +++ b/opac/opac-renew.pl @@ -22,10 +22,11 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user( ); my @items = $query->param('item'); my $borrowernumber = $query->param('borrowernumber') || $query->param('bornum'); +my $opacrenew = C4::Context->preference("OpacRenewalAllowed"); for my $itemnumber ( @items ) { my ($status,$error) = CanBookBeRenewed( $borrowernumber, $itemnumber ); - if ( $status == 1 ) { + if ( $status == 1 && $opacrenew == 1 ) { AddRenewal( $borrowernumber, $itemnumber ); } } diff --git a/opac/opac-user.pl b/opac/opac-user.pl index 807fdbf6f4..8d89ddac68 100755 --- a/opac/opac-user.pl +++ b/opac/opac-user.pl @@ -128,7 +128,7 @@ foreach my $issue ( @issue_list ) { my ($status,$renewerror) = CanBookBeRenewed( $borrowernumber, $issue->{'itemnumber'} ); ($issue->{'renewcount'},$issue->{'renewsallowed'},$issue->{'renewsleft'}) = GetRenewCount($borrowernumber, $issue->{'itemnumber'}); - $issue->{'status'} = $status; + $issue->{'status'} = $status || C4::Context->preference("OpacRenewalAllowed"); if ( $issue->{'overdue'} ) { push @overdues, $issue;