Koha/opac
Jonathan Druart afcb9d0277 Bug 35941: Limit club list to those from the logged in user
clubs-tab get the patron's id from the parameter. At the OPAC we must
use the one from the logged in user, to prevent leak to other users

Test plan:
Have 2 clubs: A, B
Enroll to A with patron borrowernumber=1
Enroll to B with patron borrowernumber=2
Log in with patron 1 and hit:
  http://localhost:8080/cgi-bin/koha/clubs/clubs-tab.pl?borrowernumber=1
=> OK
Now hit
  http://localhost:8080/cgi-bin/koha/clubs/clubs-tab.pl?borrowernumber=2
=> oops

Apply this patch, try again.
The "borrowernumber" parameter is no longer used to fetch the club list.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit e51ef7ef76a4ee523b302d724d80118185030e60)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2024-02-19 14:41:11 +01:00
..
clubs Bug 35941: Limit club list to those from the logged in user 2024-02-19 14:41:11 +01:00
errors
external/overdrive
sci
sco Bug 34557: Add SCOLoadCheckoutsByDefault system preference 2023-11-08 11:41:11 -03:00
svc Bug 25079: Add a 'edit' functionality to the Clubs tool in the staff interface 2023-06-23 11:00:49 -03:00
ilsdi.pl
maintenance.pl Bug 23798: Convert OpacMaintenanceNotice system preference to additional contents 2023-11-08 17:41:27 -03:00
oai.pl
opac-account-pay-return.pl
opac-account-pay.pl
opac-account.pl
opac-addbybiblionumber.pl Bug 30418: Add ability for permitted staff to edit list contents 2023-05-15 18:23:57 -03:00
opac-alert-subscribe.pl Bug 28130: (QA follow-up) Tidy 2023-10-11 10:31:39 -03:00
opac-alert-subscriptions.pl Bug 28130: (QA follow-up) Tidy 2023-10-11 10:31:39 -03:00
opac-article-request-cancel.pl
opac-authorities-home.pl Bug 35578: Simplify the code using intersect 2024-02-01 15:50:38 +01:00
opac-authoritiesdetail.pl Bug 21330: Allow XSLT for authority detail view in OPAC 2023-05-15 18:24:03 -03:00
opac-basket.pl Bug 33102: Display fields from biblioitems in OPAC/staff interface cart 2023-05-05 17:45:19 -03:00
opac-blocked.pl
opac-browse.pl
opac-browser.pl
opac-changelanguage.pl
opac-course-details.pl
opac-course-reserves.pl
opac-curbside-pickups.pl
opac-detail.pl Bug 26314: (QA follow-up) Resolve new QA script failures 2023-10-17 14:45:13 -03:00
opac-discharge.pl
opac-dismiss-message.pl Bug 12029: Remove 'params' from filter_by_unread 2023-04-20 15:48:47 -03:00
opac-downloadcart.pl
opac-downloadshelf.pl Bug 33069: Fix error in MARC download for OPAC lists 2023-05-09 10:57:55 -03:00
opac-export.pl
opac-holdshistory.pl
opac-ics.pl
opac-idref.pl
opac-illrequests.pl Bug 18203: Rename column 2023-11-01 18:01:39 -03:00
opac-image.pl Bug 33047: Return 404 instead of 500 when biblio does not exist 2023-07-10 15:43:14 -03:00
opac-imageviewer.pl
opac-ISBDdetail.pl Bug 34836: Add patron check to isbd and marc detail pages 2023-10-03 08:51:11 -04:00
opac-issue-note.pl
opac-library.pl
opac-main.pl Bug 31383: Create a parent-child DB relation for additional content 2023-10-20 14:43:56 -03:00
opac-MARCdetail.pl Bug 35266: Fix biblio check in opac-MARCdetail 2023-11-15 16:07:04 -03:00
opac-memberentry.pl Bug 35445: Require OPAC user to confirm self-registration with button push 2024-02-01 15:54:02 +01:00
opac-messaging.pl
opac-modrequest-suspend.pl Bug 35492: Open holds tab by default on opac-user.pl after suspending a hold 2024-01-03 15:09:10 +01:00
opac-modrequest.pl Bug 35495: Open holds tab by default on opac-user.pl after cancelling a hold 2024-01-03 15:09:49 +01:00
opac-mymessages.pl
opac-news-rss.pl
opac-overdrive-search.pl
opac-page.pl Bug 31383: Create a parent-child DB relation for additional content 2023-10-20 14:43:56 -03:00
opac-passwd.pl
opac-password-recovery.pl Bug 21431: Add action parameter to set_password 2023-11-09 14:50:11 -03:00
opac-patron-consent.pl Bug 31503: Make opac-patron-consent more generic 2023-10-25 10:35:20 -03:00
opac-patron-image.pl
opac-privacy.pl
opac-ratings.pl
opac-readingrecord.pl Bug 33949: Replace GetAllIssues with Koha::Checkouts - opac 2023-10-18 15:41:26 -03:00
opac-recall.pl
opac-recalls.pl
opac-registration-verify.pl Bug 35445: Require OPAC user to confirm self-registration with button push 2024-02-01 15:54:02 +01:00
opac-renew.pl Bug 33444: Update AddRenewal to take a hashref of params 2023-07-19 12:06:52 -03:00
opac-reportproblem.pl
opac-request-article.pl Bug 36072: opac-request-article should check syspref 2024-02-19 14:41:11 +01:00
opac-reserve.pl Bug 35488: Open holds tab by default on opac-user.pl after placing a hold 2024-01-03 15:06:35 +01:00
opac-reset-password.pl
opac-restrictedpage.pl
opac-retrieve-file.pl
opac-review.pl
opac-routing-lists.pl
opac-search-history.pl
opac-search.pl Bug 35833: Silence few warnings from searching 2024-02-01 15:06:57 +01:00
opac-sendbasket.pl Bug 34731: Don't call SendQueuedMessages if message_id is bad 2023-09-12 09:44:59 -03:00
opac-sendshelf.pl Bug 34731: Don't call SendQueuedMessages if message_id is bad 2023-09-12 09:44:59 -03:00
opac-serial-issues.pl
opac-shareshelf.pl
opac-shelves.pl Bug 30418: Add ability for permitted staff to edit list contents 2023-05-15 18:23:57 -03:00
opac-showmarc.pl
opac-showreviews.pl
opac-suggestions.pl Bug 33236: Move NewSuggestion to Koha::Suggestion->store 2023-06-06 10:08:35 -03:00
opac-tags.pl
opac-tags_subject.pl
opac-topissues.pl
opac-user.pl Bug 35496: (QA follow-up): tidy up code 2024-01-03 15:10:21 +01:00
tracklinks.pl
unapi