Koha/koha-tmpl/intranet-tmpl/prog/en
Jonathan Druart 06d1259e56 Bug 16992: FIX CSRF in member-password.pl
If an attacker can get an authenticated Koha user to visit their page with the
url below, they can change patrons' passwords
/members/member-password.pl?member=42&newpassword=hacked&newpassword2=hacked

Test plan:

Trigger
/members/member-password.pl?member=42&newpassword=hacked&newpassword2=hacked

=> Without this patch, the password will be updated
=> With this patch applied you will get a crash "Wrong CSRF token" (no
need to stylish)

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:34:02 +00:00
data Bug 16608 - Missing entity nbsp in some XML files 2016-06-10 17:40:55 +00:00
includes Bug 17025: Fix XSS in serials-search.pl 2016-08-10 13:17:19 +00:00
js Bug 16795 - Patron categories: Accept integers only for enrolment period and age limits 2016-07-08 13:15:31 +00:00
modules Bug 16992: FIX CSRF in member-password.pl 2016-08-10 13:34:02 +00:00
xslt Bug 16608 - Missing entity nbsp in some XML files 2016-06-10 17:40:55 +00:00
columns.def Bug 15373: More changes of Zip to ZIP on intranet 2015-12-30 16:30:35 +00:00