Jonathan Druart 09d0b1310b Bug 16993: Fix CSRF in memberentry.pl ... If an attacker can get an authenticated Koha user to visit their page with the url below, they can change patrons' passwords or other patrons'details members/memberentry.pl?op=save&destination=circ&borrowernumber=3435&password=ZZZ&password2=ZZZ&nodouble=1 Test plan: Trigger members/memberentry.pl?op=save&destination=circ&borrowernumber=42&password=ZZZ&password2=ZZZ&nodouble=1 => Without this patch, the password will be updated => With this patch applied you will get a crash "Wrong CSRF token" (no need to stylish) Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Amended: removed the commented use Digest::MD5-line. Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>		2016-08-10 13:25:25 +00:00
..
data	Bug 16608 - Missing entity nbsp in some XML files	2016-06-10 17:40:55 +00:00
includes	Bug 17025: Fix XSS in serials-search.pl	2016-08-10 13:17:19 +00:00
js	Bug 16795 - Patron categories: Accept integers only for enrolment period and age limits	2016-07-08 13:15:31 +00:00
modules	Bug 16993: Fix CSRF in memberentry.pl	2016-08-10 13:25:25 +00:00
xslt	Bug 16608 - Missing entity nbsp in some XML files	2016-06-10 17:40:55 +00:00
columns.def	Bug 15373: More changes of Zip to ZIP on intranet	2015-12-30 16:30:35 +00:00