[Koha-bugs] [Bug 32178] query parameters in check_api_auth lets anyone assume a user id

bugzilla-daemon at bugs.koha-community.org
Tue Nov 22 23:36:24 CET 2022


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32178

--- Comment #22 from David Cook <dcook at prosentient.com.au> ---
(In reply to Jonathan Druart from comment #21)
> Any future plans to now use this new subroutine from other places?

Patterned off bug 31050, this new subroutine would probably need to be
refactored to add a "session" parameter, but C4::Auth::checkauth() and
C4::Auth::check_api_auth() could both use it. Maybe
C4::InstallAuth::checkauth() although that one is a very special case.

I don't have any immediate plans to write those patches, but I'd test/QA
someone else's patches. If no one else writes them, I might be able to do it
around February-April 2023.
