[Koha-bugs] [Bug 7550] New: Self checkout should limit display of patron image to logged-in patron
bugzilla-daemon at bugs.koha-community.org
Thu Feb 16 20:58:42 CET 2012
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7550
Bug #: 7550
Summary: Self checkout should limit display of patron image to
logged-in patron
Classification: Unclassified
Change sponsored?: ---
Product: Koha
Version: master
Platform: All
URL: /cgi-bin/koha/sco/sco-patron-image.pl?cardnumber=XXXX
OS/Version: All
Status: NEW
Severity: normal
Priority: P5 - low
Component: Self checkout
AssignedTo: koha.sekjal at gmail.com
ReportedBy: oleonard at myacpl.org
QAContact: koha.sekjal at gmail.com
The patron image display in the self-checkout takes a GET parameter from the
image source, so if someone copied the image location and substituted the
barcode string they could browse through all patron images:
<img alt="" src="/cgi-bin/koha/sco/sco-patron-image.pl?cardnumber=XXXX">
It would offer patrons better privacy to limit that request based on the
currently-logged-in user.
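An added example, not part of the original report and not Koha's own code: a Python model of the behaviour the report describes next to the scoping it asks for, with the image lookup keyed on the session's patron rather than on the cardnumber GET parameter. The session dict, the PATRON_IMAGES table and both function names are assumptions made for illustration.

```python
from urllib.parse import parse_qs

# Constructed sample data: cardnumber -> image bytes (stand-in for stored patron images).
PATRON_IMAGES = {"1001": b"img-alice", "1002": b"img-bob"}


def image_vulnerable(query_string):
    """Behaviour described in the report: the GET parameter alone selects the image."""
    card = parse_qs(query_string).get("cardnumber", [""])[0]
    image = PATRON_IMAGES.get(card)
    return (200, image) if image else (404, b"")


def image_scoped(query_string, session):
    """Serve only the image of the patron bound to the self-checkout session.

    `session` is a hypothetical dict holding the cardnumber that the
    self-checkout login established on the server side.
    """
    owner = (session or {}).get("cardnumber")
    if not owner:
        return (403, b"")  # no logged-in patron, nothing to show
    requested = parse_qs(query_string).get("cardnumber", [])
    # Any supplied value other than the session's own cardnumber is refused,
    # including repeated parameters such as ?cardnumber=1001&cardnumber=1002.
    if any(value != owner for value in requested):
        return (403, b"")
    image = PATRON_IMAGES.get(owner)  # lookup keyed on the session, never on input
    return (200, image) if image else (404, b"")
```

Refusing a mismatched parameter with the same 403 whether or not that cardnumber exists also keeps the endpoint from confirming which card numbers are valid.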