From b90824527b47e78e56e2f602199481325beeec15 Mon Sep 17 00:00:00 2001 From: Victor Grousset Date: Fri, 24 Nov 2017 12:02:47 +0100 Subject: [PATCH] Bug 12497: Fix OPAC search history reachable by URL even when disabled Test plan: 1. Set EnableOpacSearchHistory syspref to "Keep" 2. Make a search in the OPAC 3. Go to /cgi-bin/koha/opac-search-history.pl 4. Set the EnableOpacSearchHistory syspref to "Don't keep" 5. Refresh the OPAC page to show that history is still accessible 6. Apply the patch 7. Refresh the OPAC page, you should end on the 404 page 8. Set EnableOpacSearchHistory syspref to "Keep" 9. Go to /cgi-bin/koha/opac-search-history.pl which should be reachable Signed-off-by: David Bourgault Signed-off-by: Charles Farmer Signed-off-by: Marcel de Rooy Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens --- opac/opac-search-history.pl | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/opac/opac-search-history.pl b/opac/opac-search-history.pl index 2ee2b40b8e..3ae4aadd2b 100755 --- a/opac/opac-search-history.pl +++ b/opac/opac-search-history.pl @@ -45,6 +45,11 @@ my ($template, $loggedinuser, $cookie) = get_template_and_user( } ); +unless ( C4::Context->preference("EnableOpacSearchHistory") ) { + print $cgi->redirect("/cgi-bin/koha/errors/404.pl"); # escape early + exit; +} + my $type = $cgi->param('type'); my $action = $cgi->param('action') || q{}; my $previous = $cgi->param('previous'); -- 2.39.5