From 800494a5ef27ff3066843bf5f20d2064dd3de284 Mon Sep 17 00:00:00 2001 From: Nahuel ANGELINETTI Date: Thu, 24 Dec 2009 15:20:47 +0100 Subject: [PATCH] (bug #4004) disallow access for non-logged in users in opac This doesn't define borrowernumber = 0 if a borrower is NOT logged. We know borrowernumber 0 is mysqluser... So in virtualshelves, a non logged user have all permissions. --- C4/Auth.pm | 3 ++- C4/VirtualShelves.pm | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index f0be27cb91..ea10d16816 100755 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -165,7 +165,8 @@ sub get_template_and_user { $template->param( bartotal => $total->{'bartotal'}, ) if ($total->{'bartotal'} > scalar (@$barshelves)); } - $borrowernumber = getborrowernumber($user); + $borrowernumber = getborrowernumber($user) if defined($user); + my ( $borr ) = GetMemberDetails( $borrowernumber ); my @bordat; $bordat[0] = $borr; diff --git a/C4/VirtualShelves.pm b/C4/VirtualShelves.pm index eda6840cbc..735087e1a6 100644 --- a/C4/VirtualShelves.pm +++ b/C4/VirtualShelves.pm @@ -476,6 +476,7 @@ sub ShelfPossibleAction { $sth->execute($shelfnumber); my ( $owner, $category ) = $sth->fetchrow; my $borrower = GetMemberDetails($user); + return 0 if not defined($user); return 1 if ( $category >= 3); # open list return 1 if (($category >= 2) and defined($action) and $action eq 'view'); # public list, anybody can view -- 2.39.5