projects
/
koha_fer
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
e2de21a
)
Bug 11866: (follow-up) repair security issue introduced by main patch
author
Galen Charlton
<gmc@esilibrary.com>
Mon, 10 Mar 2014 14:57:17 +0000
(14:57 +0000)
committer
Galen Charlton
<gmc@esilibrary.com>
Mon, 10 Mar 2014 14:57:17 +0000
(14:57 +0000)
The main patch allows /any/ user with an account on the Koha system
to view the staff-side course-reserves home page -- including ordinary
patrons. This patch repairs the oversight.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
course_reserves/course-reserves.pl
patch
|
blob
|
history
diff --git
a/course_reserves/course-reserves.pl
b/course_reserves/course-reserves.pl
index
4aa982a
..
95baf7b
100755
(executable)
--- a/
course_reserves/course-reserves.pl
+++ b/
course_reserves/course-reserves.pl
@@
-35,6
+35,7
@@
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
query => $cgi,
type => "intranet",
authnotrequired => 0,
+ flagsrequired => { catalogue => 1 },
}
);