From 20dc9ce5a1255fa7722e23b9300de19ec35eda16 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Marc=20V=C3=A9ron?= Date: Thu, 26 Mar 2015 15:04:07 +0100 Subject: [PATCH] Bug 13917: OPAC: Putting holds still possible by URL even if turned off by system preference To test: 1) Prepare an URL that put's a hold in OPAC (see comment #1), e.g. [YOUR SERVER]/cgi-bin/koha/opac-reserve.pl?biblionumbers=1 2) Set system preference 'RequestOnOpac' to 'Don't allow patrons to place holds on items from the OPAC.' 3) Go diectly to this URL. Result: The page displays to confirm hold (wrong) 4) Apply patch 5) Repeat step 3 Result: Redirect to 404 page (OK) 6) Set system preference to "Allow" 7) Repeat step 3 Result: The page displays to confirm hold (OK), like it would be from link in OPAC. Signed-off-by: Jonathan Druart Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi --- opac/opac-reserve.pl | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/opac/opac-reserve.pl b/opac/opac-reserve.pl index c1b5387fab..5ab4c34470 100755 --- a/opac/opac-reserve.pl +++ b/opac/opac-reserve.pl @@ -42,6 +42,13 @@ use Date::Calc qw/Today Date_to_Days/; my $maxreserves = C4::Context->preference("maxreserves"); my $query = new CGI; + +# if RequestOnOpac (for placing holds) is disabled, leave immediately +if ( ! C4::Context->preference('RequestOnOpac') ) { + print $query->redirect("/cgi-bin/koha/errors/404.pl"); + exit; +} + my ( $template, $borrowernumber, $cookie ) = get_template_and_user( { template_name => "opac-reserve.tt", -- 2.39.5