Main Koha release repository https://koha-community.org
Jonathan Druart afcb9d0277 Bug 35941: Limit club list to those from the logged in user
clubs-tab gets the patron's id from the parameter. At the OPAC we must
use the one from the logged in user, to prevent a leak to other users.

Test plan:
Have 2 clubs: A, B
Enroll to A with patron borrowernumber=1
Enroll to B with patron borrowernumber=2
Log in with patron 1 and hit:
  http://localhost:8080/cgi-bin/koha/clubs/clubs-tab.pl?borrowernumber=1
=> OK
Now hit
  http://localhost:8080/cgi-bin/koha/clubs/clubs-tab.pl?borrowernumber=2
=> oops

Apply this patch, try again.
The "borrowernumber" parameter is no longer used to fetch the club list.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit e51ef7ef76a4ee523b302d724d80118185030e60)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2024-02-19 14:41:11 +01:00
acqui Bug 35634: (bug 33105 follow-up) fix typo issues_manage vs issue_manage 2024-01-15 15:22:24 +01:00
admin Bug 35460: Fix add and edit of hold rules in circulation rules table 2023-12-11 21:44:27 -10:00
api Bug 35368: Add public to "Add a new checkout" in API documentation 2024-02-01 17:18:09 +01:00
authorities
basket
bin
bookings Bug 35574: Bookings tab from biblio details should only require manage_bookings permission 2024-01-03 15:48:28 +01:00
C4 Bug 36092: Pass sessionID at the end of get_template_and_user 2024-02-19 14:41:11 +01:00
catalogue Bug 34913: Adjust item search 2024-01-29 10:15:54 +01:00
cataloguing Bug 35774: Use itemnumber instead of biblioitemnumber 2024-02-01 16:08:27 +01:00
circ Bug 35518: Tidy the moved blocks 2024-02-15 10:48:08 +01:00
clubs
course_reserves
debian Bug 30627: Verify --days parameter and use find command to select old backups for deletion 2024-01-31 14:04:52 +01:00
docs Bug 35504: Split list of ERM Topic experts 2024-01-15 15:23:22 +01:00
erm
errors
etc Bug 35086: (follow-up) Use 5000 as example in conf file 2024-01-17 10:22:47 +01:00
ill Bug 35930: Add guards for plugins_enabled 2024-02-15 10:51:57 +01:00
installer Bug 30230: (follow-up) Update missing descriptions 2024-02-01 16:26:13 +01:00
Koha Bug 35930: Add guards for plugins_enabled 2024-02-15 10:51:57 +01:00
koha-tmpl Bug 35941: Limit club list to those from the logged in user 2024-02-19 14:41:11 +01:00
labels Bug 10762: (QA follow-up) Perltidy 2023-10-25 10:35:31 -03:00
lib/CGI/Session/Serialize
members Bug 30230: Add new 'list_borrowers' permission 2024-02-01 16:22:55 +01:00
misc Bug 35479: (QA follow-up): Tidy 2024-02-13 11:24:17 +01:00
offline_circ Bug 34529: Offline circulation should be able to accept userid as well as cardnumber 2023-11-06 11:34:44 -03:00
opac Bug 35941: Limit club list to those from the logged in user 2024-02-19 14:41:11 +01:00
patron_lists Bug 34977: (QA follow-up) Tidy code 2023-11-08 11:41:33 -03:00
patroncards
plugins Bug 25672: Fix double output_html_with_http_headers 2023-10-31 11:02:45 -03:00
pos
preservation Bug 34030: Add a "print slips" action links to print in batch 2023-10-23 11:33:55 -03:00
recalls
reports Bug 34456: (QA follow-up) perltidy code 2023-11-01 17:23:18 -03:00
reserve Bug 34519: Add a template plugin for fetch searchable patron attributes 2023-11-08 17:52:37 -03:00
reviews
rotating_collections
serials Bug 28012: Use definedness test instead of bool when checking whether to null fields 2024-01-03 17:27:11 +01:00
services
skel
suggestion Bug 35276: Remove authentication params from suggestion hash 2023-11-14 10:32:38 -03:00
svc Bug 34913: Adjust C4::Utils::DataTables::VirtualShelves 2024-01-29 10:15:53 +01:00
t Bug 36092: Add test 2024-02-19 14:41:11 +01:00
tags
tools Bug 35817: Fix hint on patron's category when batch update patron 2024-01-31 14:38:01 +01:00
virtualshelves Bug 35547: Show public "staff only" lists in addbybiblionumber.pl 2024-01-03 16:36:51 +01:00
xt
.editorconfig
.eslintrc.json
.gitignore Bug 35174: Add misc/translator/po to .gitignore 2023-11-16 08:56:36 +01:00
.htaccess
.mailmap 23.11.00: Update mailmap 2023-11-30 14:58:47 -03:00
.perlcriticrc
.perltidyrc
.proverc.dist
.stylelintrc.json
about.pl Bug 35504: Distinguish different RMaint and Topic Expert roles 2024-01-15 15:23:22 +01:00
app.psgi
build-resources.PL
changelanguage.pl
cpanfile
cypress.config.ts
fix-perl-path.PL
gulpfile.js Bug 35428: Remove temporary files for gulp po tasks 2024-01-03 14:16:31 +01:00
help.pl
INSTALL
Koha.pm Bug 30230: DBRev 23.11.02.003 2024-02-01 16:25:54 +01:00
koha_perl_deps.pl
kohaversion.pl
LICENSE
mainpage.pl
Makefile.PL Bug 35759: (bug 30708 follow-up) Generated dist file not installed for preservation module 2024-01-17 10:06:28 +01:00
MANIFEST.SKIP
package.json
README
README.md
README.robots
rewrite-config.PL
tsconfig.json
webpack.config.js
yarn.lock

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker. To report a bug or submit a patch, visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/
