http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7550 Jonathan Druart <jonathan.druart@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jonathan.druart@biblibre.co | |m --- Comment #2 from Jonathan Druart <jonathan.druart@biblibre.com> --- (In reply to Owen Leonard from comment #0)
The patron image display in the self-checkout takes a GET parameter from the image source, so if someone copied the image location and substituted the barcode string they could browse through all patron images:
<img alt="" src="/cgi-bin/koha/sco/sco-patron-image.pl?cardnumber=XXXX">
It would offer patrons better privacy to limit that request based on the currently-logged-in user.
It could only work if SelfCheckoutByLogin is set to 'username and password'. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.