[Koha-bugs] [Bug 15050] New: Nonpublic note searchable from OPAC
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Oct 22 13:54:03 CEST 2015
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15050
Bug ID: 15050
Summary: Nonpublic note searchable from OPAC
Change sponsored?: ---
Product: Koha
Version: 3.20
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5 - low
Component: Cataloging
Assignee: gmcharlt at gmail.com
Reporter: mirko at abunchofthings.net
QA Contact: testopia at bugs.koha-community.org
CC: m.de.rooy at rijksmuseum.nl
Text in the Nonpublic note can be found via OPAC. The text is not displayed,
but if you know what you are looking for, you still get the information. Found
in 3.20, I assume it is still valid in master. Bug 13023 does not fix it.
To reproduce, put something unique in an item's nonpublic note. Re-index.
Search from the OPAC -> you will find the title your item belongs to. Delete
the nonpublic note and reindex, you can't find it anymore.
Don't know if this qualifies as a security risk.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list