[koha-commits] main Koha release repository branch 17.05.x updated. v17.05.03-31-g4b71c92
Git repo owner
gitmaster at git.koha-community.org
Tue Sep 12 15:56:04 CEST 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, 17.05.x has been updated
via 4b71c9239708cd4d60190ed907fec03d1f8b08bc (commit)
from afb2cb0c74b6a137652ec1a2e96fc480a5a50f96 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 4b71c9239708cd4d60190ed907fec03d1f8b08bc
Author: David Cook <dcook at prosentient.com.au>
Date: Thu Jul 27 11:58:28 2017 +1000
Bug 18898 - Some permissions for Reports can be bypassed
If you manually visit the following links when you only have
permission to run reports, you'll still be able to access the ability
to create and edit reports:
/cgi-bin/koha/reports/guided_reports.pl?phase=Create%20report%20from%20SQL
/cgi-bin/koha/reports/guided_reports.pl?phase=Edit%20SQL
This patch ties these 2 unaccounted for phases to the create_reports
permission.
With patch, issue no longer can be reproduced.
Signed-off-by: Marc Véron <veron at veron.ch>
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
(cherry picked from commit 2fdfbaf0ddbf214c0efb9a3a3c2595a54517f795)
Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com>
-----------------------------------------------------------------------
Summary of changes:
reports/guided_reports.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
hooks/post-receive
--
main Koha release repository
More information about the koha-commits
mailing list