From 24850371ac78866b62e2ae41283875e1d8e3ac3e Mon Sep 17 00:00:00 2001 From: Owen Leonard Date: Wed, 23 Apr 2014 12:59:25 -0400 Subject: [PATCH] Bug 6322 - It's possible to view lists/virtualshelves even when virtualshelves is off MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit If the user knows the URL for OPAC lists they can access them even with the virtualshelves preference turned off. This patch copies the solution added to opac-topissues.pl by Bug 10595 and applies it to OPAC lists pages. To test, apply the patch and set the virtualshelves system preference to "don't allow." - Navigate to /cgi-bin/koha/opac-shelves.pl. You should be redirected to an Error 404 page. - Also check: - /cgi-bin/koha/opac-shareshelf.pl. - /cgi-bin/koha/opac-downloadshelf.pl - /cgi-bin/koha/opac-sendshelf.pl - /cgi-bin/koha/opac-addbybiblionumber.pl - Turn virtualshelves back on. Access to lists and list sharing should be restored. Signed-off-by: Aleisha Signed-off-by: Kyle M Hall Signed-off-by: Brendan A Gallagher (cherry picked from commit 2923cfdff4466efed55dd3d3dbee8ba37f6ff882) Signed-off-by: Julian Maurice (cherry picked from commit 59229f74805c9bdc817b0c5f65b311f9825ce3b3) Signed-off-by: Frédéric Demians
---
 opac/opac-addbybiblionumber.pl | 10 ++++++++++ opac/opac-downloadshelf.pl | 6 ++++++ opac/opac-sendshelf.pl | 6 ++++++ opac/opac-shareshelf.pl | 8 ++++++++ opac/opac-shelves.pl | 6 ++++++ 5 files changed, 36 insertions(+)
diff --git a/opac/opac-addbybiblionumber.pl b/opac/opac-addbybiblionumber.pl
index 6855aa2be2..92153d898d 100755
--- a/opac/opac-addbybiblionumber.pl
+++ b/opac/opac-addbybiblionumber.pl
@@ -42,6 +42,16 @@ our $authorized = 1; our $errcode = 0; our @biblios;
+# if virtualshelves is disabled, leave immediately
+if ( ! C4::Context->preference('virtualshelves') ) {
+ print $query->redirect("/cgi-bin/koha/errors/404.pl");
+ exit;
+}
+
+if (scalar(@biblionumber) == 1) {
+ @biblionumber = (split /\//,$biblionumber[0]);
+}
+
 our ( $template, $loggedinuser, $cookie ) = get_template_and_user( { template_name => "opac-addbybiblionumber.tt",
diff --git a/opac/opac-downloadshelf.pl b/opac/opac-downloadshelf.pl
index fc86620fdd..e45ab0f8de 100755
--- a/opac/opac-downloadshelf.pl
+++ b/opac/opac-downloadshelf.pl
@@ -34,6 +34,12 @@ use C4::Csv; use utf8; my $query = new CGI;
+# if virtualshelves is disabled, leave immediately
+if ( ! C4::Context->preference('virtualshelves') ) {
+ print $query->redirect("/cgi-bin/koha/errors/404.pl");
+ exit;
+}
+
 my ( $template, $borrowernumber, $cookie ) = get_template_and_user ( { template_name => "opac-downloadshelf.tt",
diff --git a/opac/opac-sendshelf.pl b/opac/opac-sendshelf.pl
index ae3d6afad6..31b97f0e2d 100755
--- a/opac/opac-sendshelf.pl
+++ b/opac/opac-sendshelf.pl
@@ -37,6 +37,12 @@ use Koha::Email; my $query = new CGI;
+# if virtualshelves is disabled, leave immediately
+if ( ! C4::Context->preference('virtualshelves') ) {
+ print $query->redirect("/cgi-bin/koha/errors/404.pl");
+ exit;
+}
+
 my ( $template, $borrowernumber, $cookie ) = get_template_and_user ( { template_name => "opac-sendshelfform.tt",
diff --git a/opac/opac-shareshelf.pl b/opac/opac-shareshelf.pl
index f967d711b8..55cc1f573b 100755
--- a/opac/opac-shareshelf.pl
+++ b/opac/opac-shareshelf.pl
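Review bot: The second added block in the opac-addbybiblionumber.pl hunk, `if (scalar(@biblionumber) == 1) { @biblionumber = (split /\//,$biblionumber[0]); }`, is unrelated to the virtualshelves gate and is not mentioned in the commit message. It may be cherry-pick conflict residue (this file shows 10 insertions where the other guards need 6), so it is worth checking that the same split does not already exist further down the script. `@biblionumber` is declared outside the hunk; if it is filled from the request, the pieces produced by the split reach the rest of the script unvalidated, and restricting them to digits would be safer: `@biblionumber = grep { /\A\d+\z/ } split m{/}, $biblionumber[0];`. The guard above it relies on `$query`, which is also defined outside the hunk.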
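Review bot: The six-line preference guard added in the opac-downloadshelf.pl hunk is pasted verbatim into the opac-addbybiblionumber.pl, opac-sendshelf.pl and opac-shelves.pl hunks and, with its own CGI object, into opac-shareshelf.pl, so the access decision for a disabled feature now lives in five places. A list-related script added later gets no protection unless its author remembers to copy the block. Moving the check into one shared helper that each script calls before `get_template_and_user` would keep the gate in a single place. Until then, a comment on each copy such as `# keep in sync with the other OPAC list scripts (Bug 6322)` would at least make the duplication visible.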
@@ -34,6 +34,14 @@ use C4::Members (); use C4::Output; use C4::VirtualShelves;
+
+# if virtualshelves is disabled, leave immediately
+if ( ! C4::Context->preference('virtualshelves') ) {
+ my $query = new CGI;
+ print $query->redirect("/cgi-bin/koha/errors/404.pl");
+ exit;
+}
+
 #------------------------------------------------------------------------------- my $pvar = _init( {} );
diff --git a/opac/opac-shelves.pl b/opac/opac-shelves.pl
index 2b09535a54..7b3c7ec10b 100755
--- a/opac/opac-shelves.pl
+++ b/opac/opac-shelves.pl
@@ -27,6 +27,12 @@ my $query = CGI->new(); my $template_name = $query->param('rss') ? "opac-shelves-rss.tt" : "opac-shelves.tt";
+# if virtualshelves is disabled, leave immediately
+if ( ! C4::Context->preference('virtualshelves') ) {
+ print $query->redirect("/cgi-bin/koha/errors/404.pl");
+ exit;
+}
+
 my ( $template, $loggedinuser, $cookie ) = get_template_and_user({ template_name => $template_name, query => $query,
-- 2.39.5
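Review bot: The guard in the opac-shareshelf.pl hunk builds a CGI object only to issue the redirect, and does so with indirect object syntax, `my $query = new CGI;`. `my $query = CGI->new;` is the unambiguous form and matches the `CGI->new()` call visible in the opac-shelves.pl hunk. The `use` lines visible above the guard do not include C4::Context, so it is worth confirming that the module is loaded explicitly earlier in the file rather than only as a side effect of another import; that part of the file is outside the hunk.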
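Review bot: The guard in the opac-shelves.pl hunk sends every caller, including RSS clients selected by the `rss` parameter just above it, a redirect to the HTML error page, so the script itself never answers with a 404 status and the final status is whatever errors/404.pl returns. Feed readers therefore receive HTML where they expect a feed, and a disabled lists script responds differently from a path that does not exist. If mirroring opac-topissues.pl is the deliberate choice, a comment saying so would help, e.g. `# redirect (not a direct 404) to match opac-topissues.pl, Bug 10595`; the same applies to the guards in the other four hunks. The `get_template_and_user` call that follows continues past the end of the hunk.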