Bug 20083: (follow-up) use same logic in opac-showmarc
It was correctly pointed out that opac-showmarc would leak the same way as catalogue/showmarc.pl, and so this patch moves the authentication step up to the top where it should be so as to prevent inappropriate data leaks. TEST PLAN --------- 1) Set your OpacPublic system preference to Disabled 2) Open your OPAC and login 3) Find a biblio with items 4) Go to the opac details, particularly MARC view. 5) Copy the "view plain" shortcut link. 6) log out. 7) Paste the link into the address bar. -- the information will leak! 8) apply the patch 9) restart_all 10) Refresh the OPAC link -- log in screen will appear. 11) run koha qa test tools Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
parent
f8ce3d88b1
commit
9a76781f9e
1 changed files with 7 additions and 7 deletions
|
@ -34,6 +34,13 @@ use C4::Templates;
|
|||
use Koha::RecordProcessor;
|
||||
|
||||
my $input = new CGI;
|
||||
my ( $template, $loggedinuser, $cookie ) = get_template_and_user({
|
||||
template_name => "opac-showmarc.tt",
|
||||
query => $input,
|
||||
type => "opac",
|
||||
authnotrequired => ( C4::Context->preference("OpacPublic") ? 1 : 0 ),
|
||||
debug => 1,
|
||||
});
|
||||
my $biblionumber = $input->param('id');
|
||||
$biblionumber = int($biblionumber);
|
||||
my $importid= $input->param('importid');
|
||||
|
@ -71,13 +78,6 @@ if ($view eq 'card' || $view eq 'html') {
|
|||
output_html_with_http_headers $input, undef, Encode::encode_utf8(C4::XSLT::engine->transform($xml, $xsl));
|
||||
}
|
||||
else { #view eq marc
|
||||
my ( $template, $loggedinuser, $cookie ) = get_template_and_user({
|
||||
template_name => "opac-showmarc.tt",
|
||||
query => $input,
|
||||
type => "opac",
|
||||
authnotrequired => ( C4::Context->preference("OpacPublic") ? 1 : 0 ),
|
||||
debug => 1,
|
||||
});
|
||||
$template->param( MARC_FORMATTED => $record->as_formatted );
|
||||
output_html_with_http_headers $input, $cookie, $template->output;
|
||||
}
|
||||
|
|
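Review bot: In the card/html branch shown as context in the second hunk, `output_html_with_http_headers $input, undef, ...` still passes `undef` as the cookie, although `$cookie` from the relocated `get_template_and_user` call is now in scope for the whole script. Passing `$cookie` there would make both views return the session cookie the same way, assuming nothing outside the hunks relies on the `undef`. The relocated call would also benefit from a comment so that a later refactor does not move it back below the record lookup, for example `# Authenticate first: with OpacPublic disabled, no record may be fetched or rendered for an anonymous session.` The copied `debug => 1` looks like a leftover and could be dropped if nothing depends on it. The if/else block starts outside the second hunk, so the record fetch that sits between the two hunks is not visible here.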