http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12873
Bug ID: 12873
Summary: Reserve can be cancelled by any logged in user
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: trivial
Priority: P3
Component: OPAC
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
It is possible to cancel reservations through simply running opac-modreserve.pl
with existing reserve_id number. This may provide remove even all reservations
from system.
The only limitation is that user have to be logged in.
Simplest solution is to check whether reserve belongs to user or not.
A patch will follow.
--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
