From 2923cfdff4466efed55dd3d3dbee8ba37f6ff882 Mon Sep 17 00:00:00 2001 From: Owen Leonard Date: Wed, 23 Apr 2014 12:59:25 -0400 Subject: [PATCH] Bug 6322 - It's possible to view lists/virtualshelves even when virtualshelves is off If the user knows the URL for OPAC lists they can access them even with the virtualshelves preference turned off. This patch copies the solution added to opac-topissues.pl by Bug 10595 and applies it to OPAC lists pages. To test, apply the patch and set the virtualshelves system preference to "don't allow." - Navigate to /cgi-bin/koha/opac-shelves.pl. You should be redirected to an Error 404 page. - Also check: - /cgi-bin/koha/opac-shareshelf.pl. - /cgi-bin/koha/opac-downloadshelf.pl - /cgi-bin/koha/opac-sendshelf.pl - /cgi-bin/koha/opac-addbybiblionumber.pl - Turn virtualshelves back on. Access to lists and list sharing should be restored. Signed-off-by: Aleisha Signed-off-by: Kyle M Hall Signed-off-by: Brendan A Gallagher --- opac/opac-addbybiblionumber.pl | 5 +++++ opac/opac-downloadshelf.pl | 6 ++++++ opac/opac-sendshelf.pl | 6 ++++++ opac/opac-shareshelf.pl | 8 ++++++++ opac/opac-shelves.pl | 6 ++++++ 5 files changed, 31 insertions(+) diff --git a/opac/opac-addbybiblionumber.pl b/opac/opac-addbybiblionumber.pl index b8ad33064c..eec38bd832 100755 --- a/opac/opac-addbybiblionumber.pl +++ b/opac/opac-addbybiblionumber.pl @@ -40,6 +40,11 @@ our $authorized = 1; our $errcode = 0; our @biblios; +# if virtualshelves is disabled, leave immediately +if ( ! C4::Context->preference('virtualshelves') ) { + print $query->redirect("/cgi-bin/koha/errors/404.pl"); + exit; +} if (scalar(@biblionumber) == 1) { @biblionumber = (split /\//,$biblionumber[0]); diff --git a/opac/opac-downloadshelf.pl b/opac/opac-downloadshelf.pl index 94bdae1611..610208213e 100755 --- a/opac/opac-downloadshelf.pl +++ b/opac/opac-downloadshelf.pl @@ -36,6 +36,12 @@ use Koha::Virtualshelves; use utf8; my $query = new CGI; +# if virtualshelves is disabled, leave immediately +if ( ! C4::Context->preference('virtualshelves') ) { + print $query->redirect("/cgi-bin/koha/errors/404.pl"); + exit; +} + my ( $template, $borrowernumber, $cookie ) = get_template_and_user ( { template_name => "opac-downloadshelf.tt", diff --git a/opac/opac-sendshelf.pl b/opac/opac-sendshelf.pl index 8d39c938cf..d4d31d86c0 100755 --- a/opac/opac-sendshelf.pl +++ b/opac/opac-sendshelf.pl @@ -37,6 +37,12 @@ use Koha::Virtualshelves; my $query = new CGI; +# if virtualshelves is disabled, leave immediately +if ( ! C4::Context->preference('virtualshelves') ) { + print $query->redirect("/cgi-bin/koha/errors/404.pl"); + exit; +} + my ( $template, $borrowernumber, $cookie ) = get_template_and_user ( { template_name => "opac-sendshelfform.tt", diff --git a/opac/opac-shareshelf.pl b/opac/opac-shareshelf.pl index 7bc07eefee..2c788ce12c 100755 --- a/opac/opac-shareshelf.pl +++ b/opac/opac-shareshelf.pl @@ -36,6 +36,14 @@ use C4::Output; use Koha::Virtualshelves; use Koha::Virtualshelfshares; + +# if virtualshelves is disabled, leave immediately +if ( ! C4::Context->preference('virtualshelves') ) { + my $query = new CGI; + print $query->redirect("/cgi-bin/koha/errors/404.pl"); + exit; +} + #------------------------------------------------------------------------------- my $pvar = _init( {} ); diff --git a/opac/opac-shelves.pl b/opac/opac-shelves.pl index 067eb10f15..8b66274c1e 100755 --- a/opac/opac-shelves.pl +++ b/opac/opac-shelves.pl @@ -33,6 +33,12 @@ my $query = new CGI; my $template_name = $query->param('rss') ? "opac-shelves-rss.tt" : "opac-shelves.tt"; +# if virtualshelves is disabled, leave immediately +if ( ! C4::Context->preference('virtualshelves') ) { + print $query->redirect("/cgi-bin/koha/errors/404.pl"); + exit; +} + my ( $template, $loggedinuser, $cookie ) = get_template_and_user({ template_name => $template_name, query => $query, -- 2.39.5