10 Nov
2022
10 Nov
'22
12:48 a.m.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31699 --- Comment #32 from David Cook <dcook@prosentient.com.au> --- (In reply to David Cook from comment #31)
If I erase OPACBaseURL, then I get the open redirect vulnerability again.
Worth noting that this affects only logged in users. The redirect code won't trigger for anonymous users, since we short-circuit opac-user.pl for anonymous users and prompt with a regular login box. -- You are receiving this mail because: You are watching all bug changes.