[Koha-bugs] [Bug 32406] Cannot search pending orders using non-latin-1 scripts
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Dec 12 06:12:16 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32406
--- Comment #6 from David Cook <dcook at prosentient.com.au> ---
(In reply to Marcel de Rooy from comment #5)
> Just posted a comment on 32401 about encoding header. This is a move from
> header to URL parameter.
> Could we have a privacy issue with exposing search terms like that, since
> URLs are much more visible? Log files, etc.
For bug 32406, I wouldn't worry about it, because it's order data. It's
unlikely to be sensitive.
But it's an interesting point. In master, the search is already put in the "q"
parameter for http://localhost:8081/cgi-bin/koha/members/member.pl
I suppose things like email addresses, phone numbers, usernames, etc could
potentially be passed through that and wind up in logs. It wouldn't necessarily
be that coherent though.
But I think it would be fair to argue that searches should be POSTs.
Of course, that gets complicated in terms of a RESTful interface.
I think one could consider the "search" to be the resource though, so POSTing
to create a search makes sense.
Bit of a philosophical-technical discussion to have there I think.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list