Koha/koha-tmpl/intranet-tmpl/prog
Jonathan Druart 0c3c162f76 Bug 17905: FIX CSRF in member-flags
If an attacker can get an authenticated Koha user to visit their page
with the url below, privilege escalation is possible

The exploit can be simulated by triggering
    /cgi-bin/koha/members/member-flags.pl?member=42&newflags=1&flag=superlibrarian

Test plan:
Trigger the url above
=> Without this patch, 42 is now superlibrarian
=> With this patch, you will get the "Wrong CSRF token" error.

This vulnerability has been reported by MDSec.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-30 11:24:12 +00:00
css Bug 17487: Styling moved from style attribute into staff-global.css 2017-01-20 14:11:55 +00:00
en Bug 17905: FIX CSRF in member-flags 2017-01-30 11:24:12 +00:00
img Bug 16072: Changing all instances of 'loading-small.gif' to 'spinner-small.gif' and removing loading-small.gif file. 2016-12-28 13:43:20 +00:00
js Bug 16239: Update javascript files 2017-01-13 14:41:23 +00:00
pdf
sound