[Koha-devel] value_builder plugins (security hole)
paul POULAIN
paul.poulain at biblibre.com
Thu Feb 5 18:39:34 CET 2009
Joe Atzberger wrote:
> Koha Devs --
>
> I've been looking at fixing the autopopulation of fields
> (dateaccessioned, barcode, etc) in cataloging. The architecture is a
> bit screwy.
I agree, when I wrote that, I was not a true monger to say the least ;-)
> Some of the scripts in cataloguing/value_builder/ are designed to run
> as stand-alones and others are called by a "do" statement in
> additem.pl. Anyway, that's just background.
>
> There are two scripts that break security by passing authnotrequired
> => 1 to get_template_and_user:
>
> * cataloguing/value_builder/labs_theses.pl
> * cataloguing/value_builder/unimarc_field_4XX.pl
>
> I defer on updating them myself because they may be obsolete
> entirely. Can anyone at BibLibre comment on the status of these scripts?
They are not obsolete.
lab_theses is used by in2p3, and unimarc_field_4xx is used by all
libraries using the unimarc 4xx fields.
You can file a bug & assign it to nahuel.
--
Paul POULAIN
http://www.biblibre.com
Expert in Free Software for information and documentation
Tel : (33) 4 91 81 35 08
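
An audit check for the pattern the quoted message describes, added here as an example (not code from Koha or from either poster): it scans Perl source for `get_template_and_user` calls that pass a true `authnotrequired` value. The function name, the regexes and the sample script are constructed for illustration.

```python
import re

# A get_template_and_user( ... ); call, including multi-line argument hashes.
CALL_RE = re.compile(r"get_template_and_user\s*\((.*?)\)\s*;", re.S)
# The authnotrequired key and its value, up to the next comma, brace or newline.
AUTH_RE = re.compile(r"authnotrequired\s*=>\s*([^,}\n]+)")
# Literal values that keep authentication switched on.
FALSE_VALUES = {"0", "''", '""', "undef"}

def find_unauthenticated_calls(src):
    """Return (line_number, value) for each call whose authnotrequired
    value is not a literal false. Calls that omit the key are not reported."""
    # Blank out full-line comments but keep line numbering intact.
    cleaned = "\n".join(
        "" if line.lstrip().startswith("#") else line
        for line in src.splitlines()
    )
    findings = []
    for call in CALL_RE.finditer(cleaned):
        match = AUTH_RE.search(call.group(1))
        if not match:
            continue
        value = match.group(1).strip()
        if value in FALSE_VALUES:
            continue
        line_number = cleaned.count("\n", 0, call.start()) + 1
        findings.append((line_number, value))
    return findings

# Constructed sample script (not Koha source); template names are placeholders.
SAMPLE = '''\
# constructed sample
my ($template, $user, $cookie) = get_template_and_user(
    {   template_name   => "placeholder_a.tmpl",
        query           => $input,
        type            => "intranet",
        authnotrequired => 1,
        flagsrequired   => { editcatalogue => 1 },
    }
);
# get_template_and_user({ authnotrequired => 1 });
($template, $user, $cookie) = get_template_and_user(
    { template_name => "placeholder_b.tmpl", query => $input,
      type => "intranet", authnotrequired => 0,
      flagsrequired => { editcatalogue => 1 } } );
'''

if __name__ == "__main__":
    for line_number, value in find_unauthenticated_calls(SAMPLE):
        print(f"line {line_number}: authnotrequired => {value}")
```

A value that is a variable or expression is reported as well, since the check cannot tell statically whether it evaluates to false.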