The OPAC change password template enforces the OpacPasswordChange
preference by preventing the form from appearing. However, the
script doesn't contain any check for OpacPasswordChange so it is
vulnerable to someone submitting data to it by some other means.
This patch adds a check for OpacPasswordChange to the script and
revises the template logic in order to show the right warning
in all circumstances.
To test, turn off OpacPasswordChange and navigate manually to
opac-passwd.pl. You should see a warning that you can't change
your password.
Turn on OpacPasswordChange load the change password page and
save the page to your desktop. Turn off OpacPasswordChange and
submit a password change via the saved page. Without the patch
this would result in a password change. After the patch it
should not.
Signed-off-by: Melia Meggs <melia@test.bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Confirmed bug and made sure patch fixes it.
Passes all tests and perlcritic.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Most Perl scripts (as opposed to modules) do
not need to require Exporter.
No user-visible or documentation changes.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
GetMemberDetails() returns only one hashref now,
not two. In all cases where the caller was
expecting two output values, the $flags return
was ignored anyway.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
So this implies quite a change for files.
Sorry about conflicts which will be caused.
directory Interface::CGI should now be dropped.
I noticed that many scripts (reports ones, but also some circ/stats.pl or opac-topissues) still use Date::Manip.
