Fix for Bug 3140 - It is possible to email someone else's private list

[koha-ffzg.git] / opac / opac-sendshelf.pl

diff --git a/opac/opac-sendshelf.pl b/opac/opac-sendshelf.pl
index 6a376c4..e3798f8 100755 (executable)
--- a/opac/opac-sendshelf.pl
+++ b/opac/opac-sendshelf.pl
@@ -51,6 +51,8 @@ my $email   = $query->param('email');
 
 my $dbh          = C4::Context->dbh;
 
+if ( ShelfPossibleAction( (defined($borrowernumber) ? $borrowernumber : -1), $shelfid, 'view' ) ) {
+
 if ( $email ) {
     my $email_from = C4::Context->preference('KohaAdminEmailAddress');
     my $comment    = $query->param('comment');
@@ -177,3 +179,10 @@ END_OF_BODY
                     );
     output_html_with_http_headers $query, $cookie, $template->output;
 }
+
+} else {
+    $template->param( invalidlist => 1,
+                      url     => "/cgi-bin/koha/opac-sendshelf.pl",
+    );
+    output_html_with_http_headers $query, $cookie, $template->output;
+}
\ No newline at end of file