[Koha-bugs] [Bug 7551] Any logged-in OPAC user can renew items for others using a properly constructed URL
bugzilla-daemon at bugs.koha-community.org
Thu Feb 16 22:23:56 CET 2012
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7551
Ian Walls <koha.sekjal at gmail.com> changed:
What    |Removed     |Added
----------------------------------------------------------------------------
Status  |Signed Off  |Passed QA
--- Comment #3 from Ian Walls <koha.sekjal at gmail.com> 2012-02-16 21:23:56 UTC ---
Okay, this line has been in here since Koha 3.0, when the built-in SCO used to
use opac-renew to do its renewals. Hence the need to use a different
borrowernumber than your own. Now that SCO handles its own renewals, this is
just a security risk. Marking Passed QA.
Follow up patch can be written to update opac-user.tt to no longer transmit the
borrowernumber, but that's just cleanup.
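
The pattern discussed in the comment above, as an added example that is not part of the original message and is not Koha's code: a renewal handler that takes the patron from a request parameter, beside one that takes it only from the authenticated session. All sub names, the session table and the sample data are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed data: which patron holds which checked-out item.
my %issues = ( 1001 => 51, 1002 => 52 );   # itemnumber => borrowernumber

# Constructed session table: session id => authenticated borrowernumber.
my %sessions = ( 'sess-A' => 51 );

# Pre-fix pattern: the patron is whoever the request says it is.
sub renew_trusting_param {
    my ($session_id, $params) = @_;
    return 'denied: not logged in' unless exists $sessions{$session_id};
    my $borrower = $params->{borrowernumber};      # client-controlled
    return _renew($borrower, $params->{item});
}

# Fixed pattern: the patron comes from the authenticated session only;
# a borrowernumber in the request is ignored, and a mismatch is logged.
sub renew_from_session {
    my ($session_id, $params, $log) = @_;
    return 'denied: not logged in' unless exists $sessions{$session_id};
    my $borrower = $sessions{$session_id};
    my $claimed  = $params->{borrowernumber};
    if (defined $claimed && $claimed ne $borrower) {
        push @$log, "borrowernumber mismatch: session=$borrower request=$claimed";
    }
    return _renew($borrower, $params->{item});
}

# Renew only if the item is checked out to that patron.
sub _renew {
    my ($borrower, $item) = @_;
    return 'denied: bad request' unless defined $borrower && defined $item;
    my $holder = $issues{$item};
    return 'denied: item not issued to this patron'
        unless defined $holder && $holder eq $borrower;
    return "renewed item $item for borrower $borrower";
}

# Patron 51 is logged in; the request carries patron 52's number and item.
my %request = ( borrowernumber => 52, item => 1002 );
my @log;
print renew_trusting_param('sess-A', \%request), "\n";
print renew_from_session('sess-A', \%request, \@log), "\n";
print "$_\n" for @log;
```

The logged mismatch is also a usable detection signal: once the template stops sending borrowernumber, any request that still carries one that differs from the session owner deserves a look.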