[Koha-patches] [PATCH] C4/Auth.pm: $session->param('id') should be checked before being compared.
LAURENT Henri-Damien
henridamien.laurent at biblibre.com
Tue Sep 29 10:23:23 CEST 2009
Sébastien Hinderer wrote:
> Without this check, a warning is printed to syslog when one visits an
> URL such as
> http://intranet/cgi-bin/koha/cataloguing/additem.pl?biblionumber=3000
> without being logged in.
>
Is it not the expected behaviour?
In my opinion, in that case, it can be a security failure or issue. You
HAVE to log that.
--
Henri-Damien LAURENT