While placing a hold on a book, if a user opens up Inspect Element on the
Pick up location drop down box they can change the pick up location in
the code to a library that is not listed as a pick up location.
How to replicate:
Search for a book
Select book
Click Place Hold
On the screen Home > Placing a hold
Right click on Pick up location
Select 'Inspect Element'
Under
<!-- HOLDABLE -->
<li class="Branch">
<select name="Branch ******"> Pick Up location:</label>=$0
Option values are listed that relate to the pick up location, this value
can be changed to another new location and when the hold is placed
the hold will be placed for this new location instead of the listed options
in the Pick up location drop down list.
To test:
1. Apply patch
2. Repeat "How to replicate"
3. Observe it is no longer possible to place holds on libraries not defined
as pickup location by changing option value via Inspect Element tool
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
my $rank = $biblioData->{rank};
if ( $itemNum ne '' ) {
- $canreserve = 1 if CanItemBeReserved( $borrowernumber, $itemNum )->{status} eq 'OK';
+ $canreserve = 1 if CanItemBeReserved( $borrowernumber, $itemNum, $branch )->{status} eq 'OK';
}
else {
- $canreserve = 1 if CanBookBeReserved( $borrowernumber, $biblioNum )->{status} eq 'OK';
+ $canreserve = 1 if CanBookBeReserved( $borrowernumber, $biblioNum, $branch )->{status} eq 'OK';
# Inserts a null into the 'itemnumber' field of 'reserves' table.
$itemNum = undef;
projects / koha.git / commitdiff