Koha/opac
Owen Leonard 85c4cd4712 Bug 8515 - OPAC password change does not obey OpacPasswordChange
The OPAC change password template enforces the OpacPasswordChange
preference by preventing the form from appearing. However, the
script doesn't contain any check for OpacPasswordChange so it is
vulnerable to someone submitting data to it by some other means.

This patch adds a check for OpacPasswordChange to the script and
revises the template logic in order to show the right warning
in all circumstances.

To test, turn off OpacPasswordChange and navigate manually to
opac-passwd.pl. You should see a warning that you can't change
your password.

Turn on OpacPasswordChange, load the change password page and
save the page to your desktop. Turn off OpacPasswordChange and
submit a password change via the saved page. Without the patch
this would result in a password change. After the patch it
should not.

Signed-off-by: Melia Meggs <melia@test.bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Confirmed bug and made sure patch fixes it.
Passes all tests and perlcritic.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-11-25 18:30:14 -05:00
errors Bug 4330 Fixing FSF statements 2012-05-28 17:53:51 +02:00
rss
sco Bug 8518 - Self checkout does not display debt amount if syspref AllowFineOverride is set to allow 2012-08-01 17:39:55 +02:00
svc Bug 8726: ExplodedTerms suggestion plugin (functionality) 2012-09-28 17:08:21 +02:00
changelanguage.pl Bug 6679: Fixing 5 perlcritic violations in opac/* 2012-06-10 15:12:39 +02:00
ilsdi.pl
maintenance.pl Bug 4330 Fixing FSF statements 2012-05-28 17:53:51 +02:00
oai.pl Bug 4330 Fixing FSF statements 2012-05-28 17:53:51 +02:00
opac-account.pl Bug 4330 : Fixing FSF address and copyright statements 2012-05-28 17:53:46 +02:00
opac-addbybiblionumber.pl Bug 7788: [SIGNED-OFF] Followup: GetShelf call in addbybiblio script corrected 2012-05-22 12:06:26 +02:00
opac-alert-subscribe.pl
opac-authorities-home.pl Bug 8206: Specify index in OPAC authority search 2012-09-07 15:16:40 +02:00
opac-authoritiesdetail.pl Bug 3652: close XSS vulnerabilities on biblionumber and authid 2012-10-24 15:23:50 +02:00
opac-basket.pl Bug 7570 - Add Item availability status to cart. 2012-06-11 17:50:41 +02:00
opac-browser.pl
opac-changelanguage.pl Bug 4330 Fixing FSF statements 2012-05-28 17:53:51 +02:00
opac-detail.pl Bug 3652: close XSS vulnerabilities on biblionumber and authid 2012-10-24 15:23:50 +02:00
opac-downloadcart.pl
opac-downloadshelf.pl Bug 7788: [SIGNED-OFF] Remove two unused calls to GetShelf 2012-05-22 12:06:25 +02:00
opac-export.pl Bug 3652: close XSS vulnerabilities in opac-export 2012-10-24 15:40:18 +02:00
opac-ics.pl
opac-image.pl Bug 8255: allow local cover images to be cached 2012-06-25 18:12:29 +02:00
opac-imageviewer.pl Bug 4321: clean C4::Biblio::GetBiblio and uses 2012-09-18 12:11:54 +02:00
opac-ISBDdetail.pl Bug 3652 follow-up reverting call to param('bib') 2012-10-24 15:30:24 +02:00
opac-main.pl Bug 8622: Fix theme fallback 2012-09-05 11:39:14 +02:00
opac-MARCdetail.pl Bug 3652 follow-up reverting call to param('bib') 2012-10-24 15:30:24 +02:00
opac-messaging.pl Talking Tech Support - Phase I 2012-06-10 17:46:52 +02:00
opac-modrequest-suspend.pl Bug 7641: Suspend Reserves 2012-03-29 14:37:49 +02:00
opac-modrequest.pl
opac-mymessages.pl Bug 4330 : Fixing FSF address and copyright statements 2012-05-28 17:53:46 +02:00
opac-passwd.pl Bug 8515 - OPAC password change does not obey OpacPasswordChange 2012-11-25 18:30:14 -05:00
opac-patron-image.pl
opac-privacy.pl Bug 4330 Fixing FSF statements 2012-05-28 17:53:51 +02:00
opac-ratings-ajax.pl Bug 8315 - fix 'C4::Output 3.02' errors in Koha 2012-06-29 11:59:13 +02:00
opac-ratings.pl Bug 5668 - Star ratings in the opac 2012-04-10 14:40:49 +02:00
opac-readingrecord.pl Bug 8017 reduce manipulation of GetAllIssues return 2012-09-13 18:51:45 +02:00
opac-renew.pl
opac-reserve.pl Bug 6976 Close loophole allowing borrowers extra holds via opac 2012-09-14 15:22:46 +02:00
opac-review.pl
opac-search-history.pl
opac-search.pl Bug 8954: Make languages list in advanced search translatable (revision 1) 2012-11-20 14:39:56 -05:00
opac-sendbasket.pl Bug 8626: Fix encoding in cart emails for use of quoted-printable 2012-08-29 18:14:32 +02:00
opac-sendshelf.pl
opac-serial-issues.pl
opac-shelves.pl
opac-showmarc.pl Bug 8872: Changes for opac-showmarc 2012-11-06 07:29:01 -05:00
opac-showreviews.pl Bug 6679 :[SIGNED-OFF] Fixing some perlcritic violations in the opac 2012-04-10 13:45:00 +02:00
opac-suggestions.pl Bug 4330 Fixing FSF statements 2012-05-28 17:53:51 +02:00
opac-tags.pl Bug 7642 - fix the lost display of tag sizes 2012-10-01 17:38:27 +02:00
opac-tags_subject.pl
opac-topissues.pl Bug 6141 - html glitches causing problems to translator 2012-06-10 12:59:49 +02:00
opac-user.pl Bug 8408 - Followup - Fix broken messages. 2012-09-07 18:42:06 +02:00
opac-userdetails.pl
opac-userupdate.pl Bug 8953 - opac-userupdate encoding issues 2012-10-24 17:55:12 +02:00
search.pl Bug 8233 : SearchEngine: Add a Koha::SearchEngine module 2012-07-06 16:51:58 +02:00
unapi Bug 6679 :[SIGNED-OFF] Fixing some perlcritic violations in the opac 2012-04-10 13:45:00 +02:00