Koha/koha-tmpl/intranet-tmpl at 09d0b1310bda677b6939b59ea8a68f84e2ec93f6 - Koha-community/Koha - Koha: The world's first free and open source library system

History

Jonathan Druart 09d0b1310b Bug 16993: Fix CSRF in memberentry.pl If an attacker can get an authenticated Koha user to visit their page with the url below, they can change patrons' passwords or other patrons'details members/memberentry.pl?op=save&destination=circ&borrowernumber=3435&password=ZZZ&password2=ZZZ&nodouble=1 Test plan: Trigger members/memberentry.pl?op=save&destination=circ&borrowernumber=42&password=ZZZ&password2=ZZZ&nodouble=1 => Without this patch, the password will be updated => With this patch applied you will get a crash "Wrong CSRF token" (no need to stylish) Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Amended: removed the commented use Digest::MD5-line. Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>		2016-08-10 13:25:25 +00:00
..
js	Bug 16456: Add Font Awesome icons to some buttons in Tools module, section Patrons and circulation	2016-06-17 15:40:24 +00:00
lib	Bug 16400: Restore the previous stack order behavior	2016-06-24 13:34:44 +00:00
prog	Bug 16993: Fix CSRF in memberentry.pl	2016-08-10 13:25:25 +00:00