From d197d32daf1bb3c9577d9bbe1fc4e8003e3c737e Mon Sep 17 00:00:00 2001 From: Galen Charlton Date: Mon, 10 Mar 2014 14:57:17 +0000 Subject: [PATCH] Bug 11866: (follow-up) repair security issue introduced by main patch The main patch allows /any/ user with an account on the Koha system to view the staff-side course-reserves home page -- including ordinary patrons. This patch repairs the oversight. Signed-off-by: Galen Charlton (cherry picked from commit e9903d760e41410bf871053ccccf00c3a037862d) Signed-off-by: Fridolin Somers --- course_reserves/course-reserves.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/course_reserves/course-reserves.pl b/course_reserves/course-reserves.pl index 4aa982a0a2..95baf7bf8b 100755 --- a/course_reserves/course-reserves.pl +++ b/course_reserves/course-reserves.pl @@ -35,6 +35,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user( query => $cgi, type => "intranet", authnotrequired => 0, + flagsrequired => { catalogue => 1 }, } ); -- 2.39.5