[Koha-bugs] [Bug 11911] New: purchase suggestions permission can be bypassed
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Sat Mar 8 01:12:25 CET 2014
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11911
Bug ID: 11911
Summary: purchase suggestions permission can be bypassed
Change sponsored?: ---
Product: Koha
Version: 3.12
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5 - low
Component: Patrons
Assignee: koha-bugs at lists.koha-community.org
Reporter: nengard at gmail.com
QA Contact: testopia at bugs.koha-community.org
CC: gmcharlt at gmail.com, kyle.m.hall at gmail.com
If I don’t give an account a permission to the purchase suggestions, but they
have a copy of the link, such as
http://mysite/cgi-bin/koha/suggestion/suggestion.pl?displayby=STATUS&branchcode=__ANY__,
they can go straight into the feature without permission. Shouldn’t the
suggestion.pl be checking permissions upon loading? Do most pages function in
this manner?
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list