https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7550 --- Comment #25 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- (In reply to Marcel de Rooy from comment #24)
(In reply to Marc Véron from comment #14)
Hmm, my patch worked with a hash generated with the image file (as recommended in comment #7), and it did not leave a security hole with SelfCheckoutByLogin="barcode"
Looks to me that this option is a security hole on itself? If I guess barcodes, I can still see all images? If I come on sco-main, I will automatically get the image from the img tag as well? Or do I misunderstand the discussion here?
The commit message says everything: """ With this patch if SelfCheckoutByLogin is set to 'username and password', only the logged in user will be able to see the image linked to his/her logged in account. If set to "barcode" we generate a token but it can be easily generated. You should add a warning in the about page if SelfCheckoutByLogin="barcode" and ShowPatronImageInWebBasedSelfCheck="Show". """ -- You are receiving this mail because: You are watching all bug changes.