From 3f9b523bc508021340d302bd4875e2cb6672199b Mon Sep 17 00:00:00 2001 From: David Cook Date: Tue, 20 Feb 2024 23:06:08 +0000 Subject: [PATCH] Bug 34478: Fix sco-patron-image.pl access control regression Signed-off-by: Jonathan Druart --- .../opac-tmpl/bootstrap/en/modules/sco/sco-main.tt | 2 +- opac/sco/sco-patron-image.pl | 12 +++++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/sco/sco-main.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/sco/sco-main.tt index a39f777b35..adbb4f0d94 100644 --- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/sco/sco-main.tt +++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/sco/sco-main.tt @@ -295,7 +295,7 @@ [% IF ( display_patron_image ) %]
- +
[% END %]
diff --git a/opac/sco/sco-patron-image.pl b/opac/sco/sco-patron-image.pl
index 18662e2bb7..5564003566 100755
--- a/opac/sco/sco-patron-image.pl
+++ b/opac/sco/sco-patron-image.pl
@@ -40,10 +40,16 @@ unless ( in_iprange(C4::Context->preference('SelfCheckAllowByIPRanges')) ) {
 exit;
 }
-my ($borrowernumber) = C4::Service->require_params('borrowernumber');
+my $jwt = $query->cookie('JWT');
-my $patron = Koha::Patrons->find( $borrowernumber );
-my $patron_image = $patron->image;
+#NOTE: This should be borrowernumber and not cardnumber, but that's a deeper problem with patron images...
+my $cardnumber = $jwt ? Koha::Token->new->decode_jwt( { token => $jwt } ) : undef;
+my $patron = Koha::Patrons->find( { cardnumber => $cardnumber } );
+
+my $patron_image;
+if ($patron) {
+ $patron_image = $patron->image;
+}
 if ($patron_image) {
--
2.39.5
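Review bot: When the JWT cookie is missing or does not decode, `$cardnumber` is undef and the lookup `Koha::Patrons->find( { cardnumber => $cardnumber } )` still runs. Depending on how the ORM treats an undef value in that condition, it could match a patron row whose cardnumber is NULL and return that patron's image to a request that carries no valid token. Guard the lookup so an absent identity never reaches the database, e.g. `my $patron = defined $cardnumber ? Koha::Patrons->find( { cardnumber => $cardnumber } ) : undef;`. It would also help to add a comment stating that `decode_jwt` is relied on to verify the token's signature and to return undef on failure, since neither can be confirmed from this hunk. The `if ($patron_image)` block that sends the response continues outside the hunk.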