From 9f8187257a45b502a2b53ec1768177e7883dda35 Mon Sep 17 00:00:00 2001 From: Aleisha Amohia Date: Tue, 19 Feb 2019 21:00:31 +0000 Subject: [PATCH] Bug 22370: Prevent OPAC users from seeing staff news from URL To test: 1) Have some OPAC and staff only news items 2) On the OPAC view a single news item 3) Change the ID in the URL to the ID of a staff news item 4) Notice you can view the news item without any problems 5) Apply the patch and refresh the page 6) An error should show that the news item doesn't exist 7) Confirm you can still view OPAC news items individually Sponsored-by: Catalyst IT Signed-off-by: Josef Moravec Signed-off-by: Katrin Fischer Signed-off-by: Nick Clemens
---
opac/opac-main.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/opac/opac-main.pl b/opac/opac-main.pl
index fbfd925d49..965618c5d3 100755
--- a/opac/opac-main.pl
+++ b/opac/opac-main.pl
@@ -67,7 +67,7 @@ my $news_id = $input->param('news_id');
 my @all_koha_news;
 if (defined $news_id){
- @all_koha_news = Koha::News->search({ idnew => $news_id });
+ @all_koha_news = Koha::News->search({ idnew => $news_id, lang => { '!=', 'koha' } }); # get news that is not staff-only news
 if (scalar @all_koha_news > 0){
 $template->param( news_item => @all_koha_news );
 } else {
--
2.39.5
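Review bot: The new condition in the `Koha::News->search` call is a denylist on one literal (`lang => { '!=', 'koha' }`), so the by-id lookup may still return items that the normal OPAC news listing would hide. That would cover any other non-public value stored in `lang`, and any expiry or library restriction the listing applies; none of this is visible in the hunk, so it should be checked against the listing query. If the listing has a helper or a fixed set of OPAC-visible `lang` values, reusing it here would keep the two paths from drifting apart. The trailing comment would be more useful if it stated the reason, e.g. `# lang 'koha' marks staff-interface news; never serve it to the OPAC by id`. The `if (defined $news_id)` block continues past the end of the hunk.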