From d747bc36b59e1ae60a1487372facca247f1d111c Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Fri, 3 Sep 2021 12:01:12 +0200 Subject: [PATCH] Bug 28947: Prevent OPAC user to create new users This patch prevents an existing user from exploiting the patron edit form in order to force create new patrons To test: Try all combinations of PatronSelfRegistration and PatronSelfRegistrationVerifyByEmail with and without this patch. Signed-off-by: Nick Clemens Signed-off-by: Marcel de Rooy (cherry picked from commit eab5f18787d5b7b5efc374a7dc87ef4090e5bac0) Signed-off-by: Victor Grousset/tuxayo --- opac/opac-memberentry.pl | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/opac/opac-memberentry.pl b/opac/opac-memberentry.pl index 7380afe763..39c6536997 100755 --- a/opac/opac-memberentry.pl +++ b/opac/opac-memberentry.pl @@ -63,6 +63,11 @@ unless ( C4::Context->preference('PatronSelfRegistration') || $borrowernumber ) } my $action = $cgi->param('action') || q{}; +if ( $borrowernumber && ( $action eq 'create' || $action eq 'new' ) ) { + print $cgi->redirect("/cgi-bin/koha/opac-main.pl"); + exit; +} + if ( $action eq q{} ) { if ($borrowernumber) { $action = 'edit'; -- 2.39.5