10 Oct
2025
10 Oct
'25
10:51 a.m.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40943 --- Comment #7 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- One potential/theoretical concern could be leaking userenv to a template, logfile, cache, etc where it somehow could be exploited to get the session id or leak it into the http body. While scrolling thru userenv occurrences in the codebase, I dont see any reason for an actual concern about that. Obviously, we should (somehow) not allow that in the future too ;) -- You are receiving this mail because: You are watching all bug changes.