https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40275
--- Comment #19 from David Cook <[email protected]> --- (In reply to Aleisha Amohia from comment #13) > (In reply to David Cook from comment #12) > > Do you have some examples of some other places? > > > > There are a number of places where I think we should actually be moving to > > using borrowernumber instead of cardnumber/userid, so some places might need > > that fix instead of this one? (For example bug 34018 or bug 39535) > > I started making that list, and then stopped because I had the same thought > about using borrowernumber instead, and being out of scope. > > But as an example, there is this instance in C4::Auth->check_cookie_auth() > that I'm not sure about? > > 1943 } elsif ($userid) { > 1944 $session->param( 'lasttime', time() ); > 1945 my $patron = Koha::Patrons->find( { userid => $userid } ); > 1946 > 1947 # If the user modify their own userid > 1948 # Better than 500 but we could do better > 1949 unless ($patron) { > 1950 $session->delete(); > 1951 $session->flush; > 1952 return ( "expired", undef ); > 1953 } > 1954 > 1955 $patron = Koha::Patrons->find( { cardnumber => $userid } ) > 1956 unless $patron; Yeah, I'm pretty sure this is one of those places we should be using borrowernumber (ie $session->param('number') rather than the userid in $session->param('id')) instead. The current lookup by userid and cardnumber there is... not good. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
