Koha/koha-tmpl/opac-tmpl
Jonathan Druart 74e358518b Bug 35941: Limit club list to those from the logged in user
clubs-tab get the patron's id from the parameter. At the OPAC we must
use the one from the logged in user, to prevent leak to other users

Test plan:
Have 2 clubs: A, B
Enroll to A with patron borrowernumber=1
Enroll to B with patron borrowernumber=2
Log in with patron 1 and hit:
  http://localhost:8080/cgi-bin/koha/clubs/clubs-tab.pl?borrowernumber=1
=> OK
Now hit
  http://localhost:8080/cgi-bin/koha/clubs/clubs-tab.pl?borrowernumber=2
=> oops

Apply this patch, try again.
The "borrowernumber" parameter is no longer used to fetch the club list.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit e51ef7ef76a4ee523b302d724d80118185030e60)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit afcb9d0277)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2024-03-11 14:54:57 +00:00
..
bootstrap Bug 35941: Limit club list to those from the logged in user 2024-03-11 14:54:57 +00:00
lib Bug 34623: Update jQuery-validate plugin to 1.20.0 2024-02-21 21:46:57 +00:00
xslt Bug 33270: (follow-up) Handle records that fail attempt to ignore bad characters 2023-07-19 09:27:44 +01:00