From 63ebdb815987f0072587b7e3df5dc54cada1accd Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Mon, 13 Aug 2018 12:55:55 -0300 Subject: [PATCH] Bug 21192: Do not pick SelfRegistration hidden fields for SelfModification MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit There was a mix up between "modification" and "edit" for $action in opac-memberentry.pl. If a patron is logged into the OPAC and they attempt to submit changes to their personal details without having actually changed anything, the page reloads with a message stating 'No changes were made.' However, the fields that now appear are those that have been allowed/hidden according to the preferences set for patron self registration, even if patron self registration is disabled. This can lead to problems if there are discrepancies between the fields allowed for self register settings and those allowed for patron self modification settings. To replicate: 1.) In Administration › System preferences > OPAC, set PatronSelfRegistration to 'don't allow' 2.) Modify the unwanted fields for PatronSelfModificationBorrowerUnwantedField and PatronSelfRegistrationBorrowerUnwantedField so that at least one field is different between the two settings and save (for example, specify 'mobile' to be hidden in the former, but don't include in the list of fields to be hidden in the latter). 3.) Log into the OPAC and navigate to the 'your personal details' tab. Notice that the editable fields correspond to those not hidden by PatronSelfModificationBorrowerUnwantedField 4.) Without making any changes, click on 'Submit update request'. 5.) Note that on this page the fields correspond to those not hidden by PatronSelfRegistrationBorrowerUnwantedField and are now editable (including any fields that would otherwise be hidden by the Self Modification settings). Reported-By: Chris Slone Signed-off-by: Devinim Signed-off-by: Julian Maurice Signed-off-by: Nick Clemens (cherry picked from commit e0b1f945f9cdb4efd8b4403855cdc995023dc8be) Signed-off-by: Martin Renvoize --- opac/opac-memberentry.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/opac/opac-memberentry.pl b/opac/opac-memberentry.pl index 335d1c4c77..dbb6d99e5c 100755 --- a/opac/opac-memberentry.pl +++ b/opac/opac-memberentry.pl @@ -89,7 +89,7 @@ if ( defined $min ) { $template->param( action => $action, - hidden => GetHiddenFields( $mandatory, 'registration' ), + hidden => GetHiddenFields( $mandatory, $action ), mandatory => $mandatory, libraries => \@libraries, OPACPatronDetails => C4::Context->preference('OPACPatronDetails'), @@ -316,7 +316,7 @@ elsif ( $action eq 'edit' ) { #Display logged in borrower's data $template->param( borrower => $borrower, guarantor => scalar Koha::Patrons->find($borrowernumber)->guarantor(), - hidden => GetHiddenFields( $mandatory, 'modification' ), + hidden => GetHiddenFields( $mandatory, 'edit' ), csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $cgi->cookie('CGISESSID'), }), @@ -345,7 +345,7 @@ sub GetHiddenFields { my ( $mandatory, $action ) = @_; my %hidden_fields; - my $BorrowerUnwantedField = $action eq 'modification' ? + my $BorrowerUnwantedField = $action eq 'edit' || $action eq 'update' ? C4::Context->preference( "PatronSelfModificationBorrowerUnwantedField" ) : C4::Context->preference( "PatronSelfRegistrationBorrowerUnwantedField" ); -- 2.39.5