[Koha-bugs] [Bug 18275] opac-memberentry.pl security vulnerabilities
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Mar 22 14:43:05 CET 2017
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18275
--- Comment #15 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
Somehow it confused me to see $userid with cas and $q_userid with shib:
( $return, $cardnumber, $retuserid ) = checkpw( $dbh, $q_userid, undef, $query
);
[...]
( $return, $cardnumber, $retuserid ) = checkpw( $dbh, $userid, $password,
$query, $type );
If I am not mistaken, cas does not look at the userid at all. Would it be
better to replace $userid in the last statement by undef? Should not make a
difference, but for completeness?
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list