Koha/opac
Tomas Cohen Arazi 4452036d1c
Bug 25009: Avoid leakages in opac-showmarc.pl
This patch cleans opac-showmarc.pl so it doesn't allow retrieving
records from import batches without requiring any permissions in the
OPAC.

It does so by just removing the code portion that does that.

It also cleans the record fetch operation and how the record processor
is initialized so it actually works :-D

To test:
1. Perform a successful Z39.50 search in cataloguing (this fetches 20
   records usually)
2. Query your DB for a valid import_record_id:
   $ koha-mysql kohadev
   > SELECT * FROM import_records LIMIT 1;
3. Notice some of the MARCXML details (title, author, etc), and the
   import_record_id
4. Point your browser to the opac-showmarc.pl URL like this:
   http://kohadev.mydnsname.org:8080/cgi-bin/koha/opac-showmarc.pl?importid=20
=> FAIL: You get the record! (Bonus: no field/subfield takes place)
5. Hide some obvious subfield on the framework for a known (to you)
   biblionumber
6. Point your browser to:
   http://kohadev.mydnsname.org:8080/cgi-bin/koha/opac-showmarc.pl?id=<biblionumber_here>
=> FAIL: No filtering takes place
7. Apply this patch
8. Repeat 4
=> SUCCESS: You get an error because you did a bad request (no id param)
9. Repeat 6
=> SUCCESS: Subfield filtering actually works!
10. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-27 10:44:10 +01:00
..
clubs
errors
external/overdrive
rss
sci
sco Bug 25147: (RM follow-up) Update pref references. 2020-04-17 09:03:47 +01:00
svc Bug 24384: Add Access-Control-Allow-Origin support to OPAC reports svc 2020-03-19 09:23:13 +00:00
ilsdi.pl Bug 24537: Tidy code 2020-04-06 11:01:03 +01:00
maintenance.pl
oai.pl
opac-account-pay-paypal-return.pl Bug 24545: Fix license statements 2020-02-24 13:31:26 +00:00
opac-account-pay-return.pl Bug 24545: Fix license statements 2020-02-24 13:31:26 +00:00
opac-account-pay.pl Bug 24545: Fix license statements 2020-02-24 13:31:26 +00:00
opac-account.pl Bug 20415: Remove UseKohaPlugins system preference 2020-03-26 11:42:02 +00:00
opac-addbybiblionumber.pl
opac-alert-subscribe.pl
opac-article-request-cancel.pl
opac-authorities-home.pl Bug 24103: (follow-up) Dump query on opac authorities search 2020-02-19 15:58:51 +00:00
opac-authoritiesdetail.pl
opac-basket.pl
opac-blocked.pl
opac-browse.pl Bug 24545: Fix newly added files 2020-02-24 13:31:27 +00:00
opac-browser.pl
opac-changelanguage.pl
opac-course-details.pl
opac-course-reserves.pl
opac-detail.pl Bug 24854: Remove IDreamBooks integration 2020-03-24 08:07:23 +00:00
opac-discharge.pl
opac-downloadcart.pl
opac-downloadshelf.pl
opac-export.pl
opac-ics.pl Bug 24840: Replace DateTime->now with dt_from_string 2020-04-08 11:54:23 +01:00
opac-idref.pl
opac-illrequests.pl Bug 23173: Provide core infrastructure 2020-04-06 11:04:19 +01:00
opac-image.pl
opac-imageviewer.pl
opac-ISBDdetail.pl Bug 18936: (follow-up) Fix tests, replace old get_onshelfholds_policy method 2020-02-04 09:56:25 +00:00
opac-issue-note.pl Bug 22821: Rename method with ->inbound_email_address 2020-03-18 15:44:27 +00:00
opac-main.pl Bug 22880: (follow-up) Loose ends: Better DB update, global inclusion, etc. 2020-02-24 13:24:25 +00:00
opac-MARCdetail.pl Bug 5103: Refactor the code to avoid repetition 2020-03-16 10:56:45 +00:00
opac-memberentry.pl Bug 24913: Add PatronSelfRegistrationConfirmEmail syspref 2020-04-21 12:30:40 +01:00
opac-messaging.pl Bug 24673: Add CSRF token support to opac-messaging.pl 2020-03-26 11:34:28 +00:00
opac-modrequest-suspend.pl
opac-modrequest.pl
opac-mymessages.pl
opac-news-rss.pl
opac-overdrive-search.pl
opac-passwd.pl
opac-password-recovery.pl
opac-patron-consent.pl Bug 24545: Fix license statements 2020-02-24 13:31:26 +00:00
opac-patron-image.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-privacy.pl
opac-ratings-ajax.pl
opac-ratings.pl
opac-readingrecord.pl Bug 24827: Standardise on 'UTF-8' as the encoding name 2020-03-16 14:45:39 +00:00
opac-recordedbooks-search.pl
opac-registration-verify.pl
opac-renew.pl Bug 24759: Move OpacRenewalBranch code to Koha::Item 2020-03-24 10:47:49 +00:00
opac-reportproblem.pl Bug 4461: Use inbound_email_address to know if we display the dropdown list 2020-04-06 11:19:44 +01:00
opac-request-article.pl
opac-reserve.pl Bug 19718: Show message if patron has existing holds on a title 2020-02-17 11:27:27 +00:00
opac-restrictedpage.pl Bug 24545: Fix license statements 2020-02-24 13:31:26 +00:00
opac-retrieve-file.pl
opac-review.pl
opac-routing-lists.pl
opac-search-history.pl Bug 23084: Replace grep {^$var$} with grep {$_ eq $var} 2020-02-17 10:44:45 +00:00
opac-search.pl Bug 24854: Remove IDreamBooks integration 2020-03-24 08:07:23 +00:00
opac-sendbasket.pl
opac-sendshelf.pl
opac-serial-issues.pl
opac-shareshelf.pl
opac-shelves.pl Bug 23482: Fix BakerTaylor cover images on lists 2020-02-21 15:44:01 +00:00
opac-showmarc.pl Bug 25009: Avoid leakages in opac-showmarc.pl 2020-04-27 10:44:10 +01:00
opac-showreviews.pl
opac-suggestions.pl Bug 22774: (follow-up) Limit purchase suggestion in a specified time period 2020-04-14 16:42:17 +01:00
opac-tags.pl Bug 18936: (QA follow-up) Remove 2 new occurrences of Koha::IssuingRules 2020-02-04 09:56:30 +00:00
opac-tags_subject.pl
opac-topissues.pl
opac-user.pl Bug 24476: Allow direct editing of autorenew_checkouts by patron 2020-03-24 11:23:58 +00:00
tracklinks.pl Bug 23836: exit after output_error 2019-11-27 11:30:19 +00:00
unapi Bug 24052: Rename XSLT_Handler 2020-03-24 10:42:23 +00:00