[Koha-bugs] [Bug 4816] New: placerequest.pl does not require staff authentication
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed May 26 04:36:02 CEST 2010
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=4816
Summary: placerequest.pl does not require staff authentication
Change sponsored?: ---
Product: Koha
Version: rel_3_2
Platform: All
OS/Version: All
Status: NEW
Severity: critical
Priority: P5
Component: Hold requests
AssignedTo: gmcharlt at gmail.com
ReportedBy: gmcharlt at gmail.com
QAContact: koha-bugs at lists.koha-community.org
Estimated Hours: 0.0
The reserve/placerequest.pl web service does not do an authorization check,
thereby allowing anybody to construct a URL that could place a hold request on
any item on behalf of anybody else.
--
Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
More information about the Koha-bugs
mailing list