[Koha-bugs] [Bug 3280] opac/opac-sendbasket.pl security leaky
bugzilla-daemon at bugs.koha-community.org
Mon Dec 5 10:21:46 CET 2011
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3280
--- Comment #2 from Frère Sébastien Marie <semarie-koha at latrappe.fr> 2011-12-05 09:21:46 UTC ---
Created attachment 6576
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=6576
Bug 3280 Restrict Send-basket feature
Here is a proposal (should be discussed):
- permit send basket only for authenticated user
- permit send basket only if basket contains items
- use surname, firstname and email of authenticated user for 'To' field (with fallback to KohaAdminEmailAddress)
- add field X-Orig-IP with IP of sender
- add field X-Abuse-Report with KohaAdminEmailAddress
Please comment.
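The checks and headers listed in the comment above, sketched as an added example; this is not attachment 6576 and not Koha's code. The function names, hash keys and sample values are assumptions, KohaAdminEmailAddress is passed in as a plain string, and the line-break stripping is an extra precaution that the proposal does not mention.

```perl
use strict;
use warnings;

# Hypothetical helper: collapse CR/LF so a stored value stays on one header line.
sub header_safe {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ s/[\r\n]+/ /g;
    return $value;
}

# Returns (\%headers, undef) when sending is allowed, (undef, $reason) otherwise.
sub build_basket_mail {
    my (%args) = @_;
    my $user  = $args{user};           # undef for an anonymous session
    my $items = $args{items} || [];    # record ids in the basket
    my $admin = $args{admin_email};    # value of KohaAdminEmailAddress

    return (undef, 'authentication required') unless $user;
    return (undef, 'basket is empty')         unless @$items;

    # 'To' is built from the authenticated user, with the admin address as fallback.
    my $to = $user->{email}
        ? sprintf('%s %s <%s>', $user->{firstname} // '', $user->{surname} // '', $user->{email})
        : $admin;

    my %headers = (
        'To'             => header_safe($to),
        'X-Orig-IP'      => header_safe($args{remote_addr}),
        'X-Abuse-Report' => header_safe($admin),
    );
    return (\%headers, undef);
}

# Constructed sample input (documentation addresses only).
my %ada   = (firstname => 'Ada', surname => 'Example', email => 'ada@example.org');
my %nomail = (firstname => 'Bob', surname => 'Example', email => '');
my @cases = (
    { user => undef,    items => [101] },        # anonymous: refused
    { user => \%ada,    items => [] },           # empty basket: refused
    { user => \%ada,    items => [101, 102] },   # allowed
    { user => \%nomail, items => [101] },        # allowed, admin fallback
);
for my $case (@cases) {
    my ($headers, $reason) = build_basket_mail(
        %$case, remote_addr => '192.0.2.10', admin_email => 'admin@example.org');
    print $headers ? join('; ', map { "$_: $headers->{$_}" } sort keys %$headers)
                   : "refused: $reason", "\n";
}
```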