[Koha-bugs] [Bug 6642] New: Able to download label batches as an unauthorized user
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Jul 28 18:11:42 CEST 2011
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6642
Bug #: 6642
Summary: Able to download label batches as an unauthorized user
Classification: Unclassified
Change sponsored?: ---
Product: Koha
Version: rel_3_6
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P5
Component: Label printing
AssignedTo: cnighswonger at foundations.edu
ReportedBy: wizzyrea at gmail.com
QAContact: koha-bugs at lists.koha-community.org
http://staff.client.url/cgi-bin/koha/labels/label-create-pdf.pl?batch_id=1&template_id=1&layout_id=17&start_label=1
(as an example) would allow unauthorized users to download generated PDF files
from the
staff side of the ILS. It might be possible to DOS the staff client using this.
--
Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA Contact for the bug.
More information about the Koha-bugs
mailing list