From 74ec89abc60bcc6ffc4361150b6f2d63529a4004 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Fri, 3 Sep 2021 12:01:12 +0200 Subject: [PATCH] Bug 28947: Prevent OPAC user to create new users This patch prevents an existing user from exploiting the patron edit form in order to force create new patrons To test: Try all combinations of PatronSelfRegistration and PatronSelfRegistrationVerifyByEmail with and without this patch. Signed-off-by: Nick Clemens Signed-off-by: Marcel de Rooy Signed-off-by: Jonathan Druart --- opac/opac-memberentry.pl | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/opac/opac-memberentry.pl b/opac/opac-memberentry.pl index 3dc850a174..5fab449a3c 100755 --- a/opac/opac-memberentry.pl +++ b/opac/opac-memberentry.pl @@ -64,6 +64,11 @@ unless ( C4::Context->preference('PatronSelfRegistration') || $borrowernumber ) } my $action = $cgi->param('action') || q{}; +if ( $borrowernumber && ( $action eq 'create' || $action eq 'new' ) ) { + print $cgi->redirect("/cgi-bin/koha/opac-main.pl"); + exit; +} + if ( $action eq q{} ) { if ($borrowernumber) { $action = 'edit'; -- 2.39.5