[Koha-bugs] [Bug 14408] Path traversal vulnerabilty
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Jun 23 13:40:12 CEST 2015
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408
--- Comment #25 from Fridolin SOMERS <fridolin.somers at biblibre.com> ---
There is a problem with some pages calling get_template_and_user with empty
string in template_name :
acqui/updatesupplier.pl
opac/opac-ratings.pl
tools/quotes/quotes_ajax.pl
tools/quotes/quotes-upload_ajax.pl
Should we accept empty string or correct those pages to use has_permission() ?
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list