[Koha-bugs] [Bug 14408] Path traversal vulnerabilty
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Jun 23 14:57:50 CEST 2015
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408
--- Comment #29 from Jonathan Druart <jonathan.druart at biblibre.com> ---
(In reply to Fridolin SOMERS from comment #25)
> There is a problem with some pages calling get_template_and_user with empty
> string in template_name :
>
> acqui/updatesupplier.pl
> opac/opac-ratings.pl
> tools/quotes/quotes_ajax.pl
> tools/quotes/quotes-upload_ajax.pl
>
> Should we accept empty string or correct those pages to use has_permission()
> ?
Yes, I think so. Did you open a new bug report?
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list