Koha/opac
Mark Tompsett 9a76781f9e Bug 20083: (follow-up) use same logic in opac-showmarc
It was correctly pointed out that opac-showmarc would leak
the same way as catalogue/showmarc.pl, and so this patch
moves the authentication step up to the top where it
should be so as to prevent inappropriate data leaks.

TEST PLAN
---------
1) Set your OpacPublic system preference to Disabled
2) Open your OPAC and login
3) Find a biblio with items
4) Go to the opac details, particularly MARC view.
5) Copy the "view plain" shortcut link.
6) log out.
7) Paste the link into the address bar.
   -- the information will leak!
8) apply the patch
9) restart_all
10) Refresh the OPAC link
    -- log in screen will appear.
11) run koha qa test tools

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-04 15:45:34 -03:00
..
clubs Bug 12461 - Add patron clubs feature 2017-04-28 08:37:44 -04:00
errors
external/overdrive bug_16034 Koha::ExternalContent::OverDrive - a wrapper around WebService::ILS::Overdrive::Patron 2017-02-21 19:58:20 +00:00
rss
sci Bug 15492: (QA followup) Make page refresh work correctly 2018-03-26 17:31:19 -03:00
sco Bug 19935: Replace GetPendingIssues - sco-main 2018-04-03 11:43:38 -03:00
svc Bug 18915: Renaming svc/patron_notes to svc/checkout_notes 2018-01-15 12:14:00 -03:00
ilsdi.pl Bug 13990: ILS-DI LookupPatron requires ID Type 2018-01-30 14:18:21 -03:00
maintenance.pl Bug 17989: Include full path logic in _get_template_file 2017-11-01 13:10:17 -03:00
oai.pl
opac-account-pay-paypal-return.pl Bug 17829: Move GetMember to Koha::Patron 2017-07-10 13:14:19 -03:00
opac-account-pay-return.pl Bug 19173: Make OPAC online payments pluggable 2017-09-19 14:15:52 -03:00
opac-account-pay.pl Bug 19173: Make OPAC online payments pluggable 2017-09-19 14:15:52 -03:00
opac-account.pl Bug 12001: Move GetMemberAccountRecords to the Koha namespace 2018-02-23 10:57:30 -03:00
opac-addbybiblionumber.pl Bug 18262: Koha::Biblio - Remove GetBiblioData - part 1 2017-07-14 12:22:23 -03:00
opac-alert-subscribe.pl Bug 10357: Do not change the alerttype 2017-04-21 10:58:33 -04:00
opac-article-request-cancel.pl
opac-authorities-home.pl Bug 18204 - Authority searches are not saved in Search history 2017-05-28 22:12:01 -04:00
opac-authoritiesdetail.pl Bug 18149: Move CountUsage calls to Koha namespace 2017-09-19 11:47:32 -03:00
opac-basket.pl Bug 19708: Improve code for printing the cart in OPAC 2018-03-26 17:31:16 -03:00
opac-blocked.pl
opac-browser.pl Bug 17843: Replace C4::Koha::getitemtypeinfo with Koha::ItemTypes 2017-07-05 13:42:21 -03:00
opac-changelanguage.pl Bug 18946 [QA Followup] - code cleanup 2017-09-01 13:02:26 -03:00
opac-course-details.pl
opac-course-reserves.pl
opac-detail.pl Bug 20422: Fix warning on uri_escape_utf8 in Output.pm 2018-03-26 17:31:13 -03:00
opac-discharge.pl Bug 19212: Preventing warns when asking for discharge 2017-10-27 16:05:55 -03:00
opac-downloadcart.pl Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
opac-downloadshelf.pl Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
opac-export.pl Bug 20097: Use same regex in marc2dcxml and opac-export 2018-03-19 12:23:19 -03:00
opac-ics.pl Bug 19935: Replace GetPendingIssues - opac-ics.pl 2018-04-03 11:43:38 -03:00
opac-idref.pl Bug 19640: fix OPAC IdRef webservice display 2017-12-07 09:37:09 -03:00
opac-illrequests.pl Bug 7317: Handle backend absense more gracefuly 2017-11-09 11:42:14 -03:00
opac-image.pl
opac-imageviewer.pl Bug 18260: Koha::Biblio - Remove GetBiblio 2017-07-10 13:03:38 -03:00
opac-ISBDdetail.pl Bug 19301: Move C4::Reserves::OnShelfHoldsAllowed to get_onshelfholds_policy 2018-02-13 13:36:00 -03:00
opac-issue-note.pl Bug 18915: Fix checkout note email message 2018-01-15 12:14:00 -03:00
opac-main.pl Bug 19892: Replace numbersphr variable with Koha.Preference('OPACNumbersPreferPhrase') in OPAC 2018-04-02 18:08:07 -03:00
opac-MARCdetail.pl Bug 19301: (QA follow-up) Add POD, use statements and correct typo 2018-02-13 13:36:00 -03:00
opac-memberentry.pl Bug 18403: Add new methods Koha::Patrons->search_limited and use it where needed 2018-02-12 15:41:39 -03:00
opac-messaging.pl Bug 17829: Move GetMember to Koha::Patron 2017-07-10 13:14:19 -03:00
opac-modrequest-suspend.pl
opac-modrequest.pl Bug 19059: Move C4::Reserves::CancelReserve to Koha::Hold->cancel 2017-09-12 12:42:58 -03:00
opac-mymessages.pl
opac-news-rss.pl
opac-overdrive-search.pl Bug 18403: Update permissions - borrowers => 1|* becomes borrowers => 'edit_borrowers' 2018-02-12 15:41:37 -03:00
opac-passwd.pl Bug 18298: Add server-side checks and refactor stuffs 2017-10-16 09:44:32 -03:00
opac-password-recovery.pl Bug 18956: Fix empty to in message queue 2017-10-27 13:57:10 -03:00
opac-patron-image.pl
opac-privacy.pl Bug 18169: Make 'before' param non mandatory for Koha::Patrons->anonymise_issue_history 2017-03-03 18:16:54 +00:00
opac-ratings-ajax.pl
opac-ratings.pl
opac-readingrecord.pl Bug 17829: Move GetMember to Koha::Patron 2017-07-10 13:14:19 -03:00
opac-registration-verify.pl Bug 17829: Move GetMember to Koha::Patron 2017-07-10 13:14:19 -03:00
opac-renew.pl Bug 18572 - QA Followup 2017-07-24 13:38:31 -03:00
opac-request-article.pl
opac-reserve.pl Bug 12001: Move GetMemberAccountRecords to the Koha namespace 2018-02-23 10:57:30 -03:00
opac-restrictedpage.pl
opac-retrieve-file.pl Bug 17501: Move getCategories and httpheaders from Upload.pm 2017-01-20 14:20:05 +00:00
opac-review.pl Bug 19843: (bug 15839 follow-up) Set reviews.datereviewed when the review is made 2017-12-21 11:07:51 -03:00
opac-search-history.pl Bug 12497: Fix OPAC search history reachable by URL even when disabled 2017-12-07 10:09:52 -03:00
opac-search.pl Bug 19892: Replace numbersphr variable with Koha.Preference('OPACNumbersPreferPhrase') in OPAC 2018-04-02 18:08:07 -03:00
opac-sendbasket.pl Bug 18975: Retrieve up-to-date CGISESSID when just logged in 2018-02-18 14:47:42 -03:00
opac-sendshelf.pl Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
opac-serial-issues.pl Bug 10357: Do not change the alerttype 2017-04-21 10:58:33 -04:00
opac-shareshelf.pl Bug 19304: Move C4::Members::GetNoticeEmailAddress to Koha::Patron->notice_email_address 2018-01-02 11:46:40 -03:00
opac-shelves.pl Bug 19301: Move C4::Reserves::OnShelfHoldsAllowed to get_onshelfholds_policy 2018-02-13 13:36:00 -03:00
opac-showmarc.pl Bug 20083: (follow-up) use same logic in opac-showmarc 2018-04-04 15:45:34 -03:00
opac-showreviews.pl Bug 19808: Handle deleted reviewers gracefully - opac-showreview 2017-12-21 11:07:37 -03:00
opac-suggestions.pl Bug 17829: Move GetMember to Koha::Patron 2017-07-10 13:14:19 -03:00
opac-tags.pl Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
opac-tags_subject.pl Bug 17843: Replace C4::Koha::getitemtypeinfo with Koha::ItemTypes 2017-07-05 13:42:21 -03:00
opac-topissues.pl Bug 17835: Replace GetItemTypes with Koha::ItemTypes 2017-04-14 10:43:51 -04:00
opac-user.pl Bug 19935: (follow-up) Replace GetPendingIssues - opac-user.pl 2018-04-03 11:43:39 -03:00
tracklinks.pl Bug 20218: Fix matching of uri in tracklinks 2018-02-27 15:58:32 -03:00
unapi Bug 19439: (follow-up) Remove four spaces from lines 133-149 2017-12-11 11:34:24 -03:00