https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20415 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au --- Comment #19 from David Cook <dcook@prosentient.com.au> --- (In reply to Julian Maurice from comment #18)
Isn't it a little dangerous to give access to all of koha-conf.xml inside templates ? This could be used to retrieve sensitive information like mysql password, or the REST API's secret passphrase.
You can already retrieve that information using Perl though. What scenario do you see someone using it maliciously? -- You are receiving this mail because: You are watching all bug changes.