[koha-commits] main Koha release repository branch 3.20.x updated. v3.20.01-84-g7375931
Git repo owner
gitmaster at git.koha-community.org
Tue Jul 21 05:56:14 CEST 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, 3.20.x has been updated
via 73759312d2a58056e2cc4fd336a1204f3e661a02 (commit)
from fb6b754a335b5f99721f8808095a3fe145964e96 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 73759312d2a58056e2cc4fd336a1204f3e661a02
Author: Jonathan Druart <jonathan.druart at koha-community.org>
Date: Wed Jun 24 11:24:14 2015 +0200
Bug 14449: Add authentication check on retrieving item info when receiving
The script catalogue/getitem-ajax.pl is called by acqui/orderreceive.pl
when item is receipt.
There is not auth check done, this means anybody can retrieve item info.
Test plan:
With the acquisition => order_receive permission, try to receive an
item.
It should work.
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Very easy to test.
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar>
(cherry picked from commit ea263a2284f1b81da5718a0cfbc581909c86cf4a)
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
catalogue/getitem-ajax.pl | 9 +++++++++
1 file changed, 9 insertions(+)
hooks/post-receive
--
main Koha release repository
More information about the koha-commits
mailing list