https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27358 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off --- Comment #16 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- This works well and I like it.. signing off.. However, I have one security/qa comment... I think it would be best to reverse the logic here.. Instead of the `BlockList` approach, we have with `api_privileged_attrs` I think we should instead implement an `AllowList` to 'fail safe' if someone forgets to add a field to the list: `api_public_atts` perhaps? -- You are receiving this mail because: You are watching all bug changes.