Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Main Koha release repository https://koha-community.org
50067 commits 35 branches 612 tags 1.8 GiB
Perl 45.4%
JavaScript 39.3%
HTML 7.2%
XSLT 3.9%
Vue 1.4%
Other 2.3%
Find a file
Jonathan Druart 17ed4acb17 Bug 35941: Limit club list to those from the logged in user 
clubs-tab get the patron's id from the parameter. At the OPAC we must
use the one from the logged in user, to prevent leak to other users

Test plan:
Have 2 clubs: A, B
Enroll to A with patron borrowernumber=1
Enroll to B with patron borrowernumber=2
Log in with patron 1 and hit:
  http://localhost:8080/cgi-bin/koha/clubs/clubs-tab.pl?borrowernumber=1
=> OK
Now hit
  http://localhost:8080/cgi-bin/koha/clubs/clubs-tab.pl?borrowernumber=2
=> oops

Apply this patch, try again.
The "borrowernumber" parameter is no longer used to fetch the club list.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit e51ef7ef76a4ee523b302d724d80118185030e60)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2024-02-22 13:02:53 +00:00
acqui Bug 35254: [22.11.x] Add import_record_id to order inputs 2023-12-11 17:05:24 +01:00
admin Bug 35278: Fix warn from column_settings.pl 2023-11-14 13:57:42 -01:00
api Bug 33606: Mark the endpoint as experimental 2023-11-13 15:10:56 +00:00
authorities Bug 33406: (QA follow-up) Adjust tests and tidy 2023-10-12 15:45:37 +00:00
basket Bug 33102: Display fields from biblioitems in OPAC/staff interface cart 2023-05-12 16:34:19 +01:00
bin
C4 Bug 35918: Fix auto library connect (AutoLocation) 2024-02-22 09:54:55 +00:00
catalogue Bug 33167: (RMAINT fix) Revert 33167 2023-07-20 08:41:00 +00:00
cataloguing Bug 35290: (follow-up) Perltidy formatting corrections 2023-11-28 14:14:17 +00:00
circ Bug 33164: Do not prevent processing of all error messages 2023-11-14 13:58:11 -01:00
clubs
course_reserves
debian Bug 35174: update control files for koha-l10n dependency package 2023-11-22 09:37:36 +01:00
docs Bug 34424: Add Emily Lamancusa to QA Team 2023-11-13 15:28:49 +00:00
erm
errors
etc Bug 30843: Add mfa_range configuration option for TOTP 2023-10-17 16:56:21 +00:00
ill
installer [RMaint follow-up] Fix executable permission on 22.11.12 2024-02-08 07:58:30 +00:00
Koha Bug 29510: Make objects.find call search_limited if present 2024-02-22 10:41:45 +00:00
koha-tmpl Bug 35941: Limit club list to those from the logged in user 2024-02-22 13:02:53 +00:00
labels
lib/CGI/Session/Serialize
members Bug 34910: (follow-up) alert in patron details 2023-11-13 15:22:12 +00:00
misc Update release notes for 22.11.14 release 2024-01-29 10:26:33 +01:00
offline_circ
opac Bug 35941: Limit club list to those from the logged in user 2024-02-22 13:02:53 +00:00
patron_lists
patroncards
plugins Bug 30367: (follow-up) Same adjustment for gitlab 2023-05-12 15:58:09 +01:00
pos Bug 34331: Use register from userenv if parameter not passed 2023-08-31 10:23:50 +00:00
recalls Bug 34013: Recalls awaiting pickup doesn't show count on each tab 2023-07-18 11:21:31 +00:00
reports Bug 34859: Remove unnecessary params from reports-home.pl 2023-10-17 17:23:41 +00:00
reserve Bug 34634: Show expirationdate of expired holds on reserve/request.pl 2023-09-15 09:33:06 +00:00
reviews
rotating_collections
serials Bug 35073: perltidy subscription-batchedit.pl 2023-11-14 13:40:44 -01:00
services
skel
suggestion Bug 35276: Remove authentication params from suggestion hash 2023-11-16 09:37:10 +00:00
svc Bug 27249: Prevent infinite loop when searching for an open day 2023-11-13 13:45:36 +00:00
t Bug 29510: RMaint fix test count 2024-02-22 10:44:46 +00:00
tags
tools Bug 35291: (QA follow-up) Tidying script for QA test tools 2023-11-28 14:14:18 +00:00
virtualshelves Bug 34650: Remove unnecessary CSRF check on edit_form 2023-09-08 09:47:28 +00:00
xt Bug 34911: Test files from HEAD instead of 'master' 2023-10-17 16:56:23 +00:00
.editorconfig
.eslintrc.json
.gitignore Bug 35174: Add misc/translator/po to .gitignore 2023-11-22 09:37:30 +01:00
.htaccess
.mailmap Update .mailmap 2023-07-18 09:22:47 +00:00
.perlcriticrc
.perltidyrc Bug 30002: Adjust perltidy 2023-07-12 09:16:19 +00:00
.proverc.dist
.stylelintrc.json
about.pl Bug 35174: Add a warning to the about page 2023-11-22 09:37:14 +01:00
app.psgi
build-resources.PL
changelanguage.pl
cpanfile
cypress.json Bug 33408: Extend defaultCommandTimeout for cypress 2023-05-15 13:15:43 +00:00
fix-perl-path.PL
gulpfile.js Bug 35174: Don't run gulp po commands if po dir is missing 2023-11-22 09:37:36 +01:00
help.pl
INSTALL
Koha.pm Increment version for 22.11.14 2024-01-29 09:09:59 +01:00
koha_perl_deps.pl
kohaversion.pl
LICENSE
mainpage.pl Rmaint fix: Remove Koha::Tickets import from 35019 rebase 2023-11-14 16:11:36 +00:00
Makefile.PL Bug 30002: (QA follow-up) Add .perltidyrc to Makefile.PL mapping 2023-07-12 09:41:28 +00:00
MANIFEST.SKIP
package.json
README
README.md
README.robots
rewrite-config.PL
tsconfig.json
webpack.config.js
yarn.lock

README.md

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker, to report a bug or submit a patch visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/

Koha Logo