From d747bc36b59e1ae60a1487372facca247f1d111c Mon Sep 17 00:00:00 2001
From: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Date: Fri, 3 Sep 2021 12:01:12 +0200
Subject: [PATCH] Bug 28947: Prevent OPAC user to create new users

This patch prevents an existing user from exploiting the patron edit form in order to
force create new patrons

To test:
Try all combinations of PatronSelfRegistration and PatronSelfRegistrationVerifyByEmail
with and without this patch.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
(cherry picked from commit eab5f18787d5b7b5efc374a7dc87ef4090e5bac0)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
---
 opac/opac-memberentry.pl | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/opac/opac-memberentry.pl b/opac/opac-memberentry.pl
index 7380afe763..39c6536997 100755
--- a/opac/opac-memberentry.pl
+++ b/opac/opac-memberentry.pl
@@ -63,6 +63,11 @@ unless ( C4::Context->preference('PatronSelfRegistration') || $borrowernumber )
 }
 
 my $action = $cgi->param('action') || q{};
+if ( $borrowernumber && ( $action eq 'create' || $action eq 'new' ) ) {
+    print $cgi->redirect("/cgi-bin/koha/opac-main.pl");
+    exit;
+}
+
 if ( $action eq q{} ) {
     if ($borrowernumber) {
         $action = 'edit';
-- 
2.39.5