[Koha-bugs] [Bug 7383] cart name is [Blank] when not logged in
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Jan 5 17:53:32 CET 2012
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7383
--- Comment #9 from Chris Cormack <chris at bigballofwax.co.nz> 2012-01-05 16:53:32 UTC ---
(In reply to comment #8)
> Chris and Owen, Does the current fix you are suggesting (requiring login to
> e-mail cart) still allow a person who is not logged-in to search the catalog
> and print/download the cart? If yes, does the clicking on the "Send" link
> prompt the message, "You must be logged in to e-mail this cart"?
The fix reverts the regression and puts it back how it was before in was
accidentally changed.
The other bug can then be used to change, on purpose.
If I was you I would focus my energy on bug 4274, not this one. Bug 3651 puts
the behaviour of the cart send, list send and opac-userudpate back as they
were. It has been signed off, and should be pushed as soon as possible because
currently, people could send an userupdate request without being logged in
also.
And yes it is only sending the cart, printing and downloading don't require
logging in.
But again, security is more important here, and bug 3651 should have its patch
pushed and then people can work on how to do anonymous cart sending in a safe
manner.
--
Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the Koha-bugs
mailing list