Koha/koha-tmpl at b80fda78d9d5affe3b9beb4ede49d5ab4e73cf38 - Koha-community/Koha - Koha: The world's first free and open source library system

History

Jonathan Druart b80fda78d9 Bug 29543: Prevent user to checkin or renew items they don't own Checkin or renew must be restricted to the items they own. Test plan: Create an item with barcode bc_1 Check it in to user A Login to SCO with user B Get the token using the browser dev tool, from the cookie Hit (replace $JWT) /cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=renew&barcode=bc_1 /cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=returnbook&barcode=bc_1 You should see an error message Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>	2022-02-02 21:05:29 -10:00
..
intranet-tmpl	Bug 26102: Prevent XSS when To.json is used: unimarc_field_4XX.tt	2022-02-02 21:05:29 -10:00
opac-tmpl	Bug 29543: Prevent user to checkin or renew items they don't own	2022-02-02 21:05:29 -10:00

Jonathan Druart b80fda78d9 Bug 29543: Prevent user to checkin or renew items they don't own

Checkin or renew must be restricted to the items they own.

Test plan:
Create an item with barcode bc_1
Check it in to user A
Login to SCO with user B
Get the token using the browser dev tool, from the cookie
Hit (replace $JWT)
    /cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=renew&barcode=bc_1
    /cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=returnbook&barcode=bc_1

You should see an error message

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>

2022-02-02 21:05:29 -10:00

intranet-tmpl

Bug 26102: Prevent XSS when To.json is used: unimarc_field_4XX.tt

2022-02-02 21:05:29 -10:00

opac-tmpl

Bug 29543: Prevent user to checkin or renew items they don't own

2022-02-02 21:05:29 -10:00