]> git.koha-community.org Git - koha.git/commit
Bug 20083: (follow-up) use same logic in opac-showmarc
authorMark Tompsett <mtompset@hotmail.com>
Tue, 30 Jan 2018 22:35:39 +0000 (22:35 +0000)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Wed, 4 Apr 2018 18:45:34 +0000 (15:45 -0300)
commit9a76781f9ef0ba997fdaf79d78648a6c41827f03
tree32180e1e83e46036f8a8445c30449f867b68658f
parentf8ce3d88b18ece5c04fbe923a37ce7a9aa715c3c
Bug 20083: (follow-up) use same logic in opac-showmarc

It was correctly pointed out that opac-showmarc would leak
the same way as catalogue/showmarc.pl, and so this patch
moves the authentication step up to the top where it
should be so as to prevent inappropriate data leaks.

TEST PLAN
---------
1) Set your OpacPublic system preference to Disabled
2) Open your OPAC and login
3) Find a biblio with items
4) Go to the opac details, particularly MARC view.
5) Copy the "view plain" shortcut link.
6) log out.
7) Paste the link into the address bar.
   -- the information will leak!
8) apply the patch
9) restart_all
10) Refresh the OPAC link
    -- log in screen will appear.
11) run koha qa test tools

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
opac/opac-showmarc.pl