From dbee200409d738fcf7c4fdcfb2cd19f5d6d36c04 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Wed, 29 Mar 2017 18:25:40 -0300 Subject: [PATCH] Bug 18349: SCO - Do not trust the confirmed flag The "confirmed" flag is used to know if that user confirmed a situation that needs a confirmation. But if the issue/renew is impossible the CanBookBeIssued and the 'impossible flags' should be checked. Otherwise a patron can checkout and renew bypassing the circulation rules (Understand 'no limit' here...) Test plan: Want to renew? Checkin $barcode, then /cgi-bin/koha/sco/sco-main.pl?patronid=$cardnumber&barcode=$barcode&confirmed=1&op=checkout Want to bypass the checkin? Same url... Signed-off-by: Nick Clemens Signed-off-by: Kyle M Hall (cherry picked from commit 85bd15a83ffdab0c2e28eae54e50ce4dee9e608b) Signed-off-by: Katrin Fischer --- opac/sco/sco-main.pl | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/opac/sco/sco-main.pl b/opac/sco/sco-main.pl index fe079a2722..decb97377b 100755 --- a/opac/sco/sco-main.pl +++ b/opac/sco/sco-main.pl @@ -136,15 +136,13 @@ elsif ( $op eq "returnbook" && $allowselfcheckreturns ) { elsif ( $op eq "checkout" ) { my $impossible = {}; my $needconfirm = {}; - if ( !$confirmed ) { - ( $impossible, $needconfirm ) = CanBookBeIssued( - $borrower, - $barcode, - undef, - 0, - C4::Context->preference("AllowItemsOnHoldCheckoutSCO") - ); - } + ( $impossible, $needconfirm ) = CanBookBeIssued( + $borrower, + $barcode, + undef, + 0, + C4::Context->preference("AllowItemsOnHoldCheckoutSCO") + ); $confirm_required = scalar keys %$needconfirm; #warn "confirm_required: " . $confirm_required ; -- 2.39.5