[Koha-devel] value_builder plugins (security hole)
Joe Atzberger
ohiocore at gmail.com
Thu Feb 5 18:27:08 CET 2009
Koha Devs --
I've been looking at fixing the autopopulation of fields (dateaccessioned,
barcode, etc) in cataloging. The architecture is a bit screwy. Some of the
scripts in cataloguing/value_builder/ are designed to run as stand-alones
and others are called by a "do" statement in additem.pl. Anyway, that's
just background.
There are two scripts that break security by passing authnotrequired => 1 to
get_template_and_user:
- cataloguing/value_builder/labs_theses.pl
- cataloguing/value_builder/unimarc_field_4XX.pl
I defer on updating them myself because they may be obsolete entirely. Can
anyone at BibLibre comment on the status of these scripts?
--Joe Atzberger,
LibLime
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/koha-devel/attachments/20090205/d7d87b81/attachment-0003.htm>
More information about the Koha-devel
mailing list