Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/koha-tmpl/intranet-tmpl/prog/en/modules/members
History
Martin Renvoize 087af360cc Bug 23634: Prevent non-superlibrarians from editing superlibarian emails 
This patchset prevents a non-superlibrarian user from editing a
superlibrarians email address via memberentry.  This is to prevent a
privilege escalation vulnerability whereby a user could update a
superlibrarians contact details to match their own and then request a
password reset via the OPAC.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-09-02 15:40:55 +02:00
..
tables Bug 22087: Move the email into the list 2020-07-30 17:44:27 +02:00
accountline-details.tt
apikeys.tt
boraccount.tt Bug 19036: (QA follow-up) Fix 'out-by-one' error on table 2020-08-20 12:31:59 +02:00
deletemem.tt Bug 10910: (follow-up) Move the suggestions note with the other non-blocking notes 2020-06-15 11:53:36 +02:00
discharge.tt Bug 21211: Add patron toolbar to suggestions, discharges and ill requests tabs 2020-04-20 12:28:05 +01:00
discharges.tt
files.tt
holdshistory.tt Bug 26281: (QA follow-up) Fix missing filter 2020-08-31 16:10:25 +02:00
housebound.tt Bug 21211: Add patron toolbar to suggestions, discharges and ill requests tabs 2020-04-20 12:28:05 +01:00
ill-requests.tt Bug 24156: move ColumnsSettings to TablesSettings 2020-06-25 10:51:59 +02:00
mancredit.tt
maninvoice.tt Bug 22393: (QA follow-up) Typos and Filters 2020-08-18 17:39:48 +02:00
member-flags.tt
member-password.tt
member.tt Bug 24156: move ColumnsSettings to TablesSettings 2020-06-25 10:51:59 +02:00
memberentrygen.tt Bug 23634: Prevent non-superlibrarians from editing superlibarian emails 2020-09-02 15:40:55 +02:00
members-update.tt Bug 24476: Rename autorenewal to autorenew_checkouts 2020-03-24 11:23:54 +00:00
merge-patrons.tt
moremember-brief.tt Bug 25364: Add "Other" to the gender options in a patron record 2020-08-18 17:39:48 +02:00
moremember-print.tt Bug 25070: Centralize member-display-address-style 2020-06-15 11:53:36 +02:00
moremember.tt Bug 25534: (QA follow-up) Add label to reason pulldown 2020-08-25 15:07:28 +02:00
notices.tt
pay.tt Bug 26234: Teach our KohaTable constructor the specific th classes 2020-08-19 08:24:04 +02:00
paycollect.tt Bug 26194: Add link to cash register management from message about missing registers 2020-08-18 15:45:49 +02:00
printfeercpt.tt
printinvoice.tt
purchase-suggestions.tt Bug 21211: Add patron toolbar to suggestions, discharges and ill requests tabs 2020-04-20 12:28:05 +01:00
readingrec.tt Bug 26234: Teach our KohaTable constructor the specific th classes 2020-08-19 08:24:04 +02:00
routing-lists.tt
statistics.tt Bug 21211: Add patron toolbar to suggestions, discharges and ill requests tabs 2020-04-20 12:28:05 +01:00
update-child.tt