Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/reports
History
David Cook 2fdfbaf0dd Bug 18898 - Some permissions for Reports can be bypassed 
If you manually visit the following links when you only have
permission to run reports, you'll still be able to access the ability
to create and edit reports:

/cgi-bin/koha/reports/guided_reports.pl?phase=Create%20report%20from%20SQL
/cgi-bin/koha/reports/guided_reports.pl?phase=Edit%20SQL

This patch ties these 2 unaccounted for phases to the create_reports
permission.

With patch, issue no longer can be reproduced.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-09 16:51:41 -03:00
..
acquisitions_stats.pl Bug 17835: Replace GetItemTypes with Koha::ItemTypes 2017-04-14 10:43:51 -04:00
bor_issues_top.pl Bug 17925: Disable debugging in reports/bor_issues_top.pl 2017-05-12 09:09:15 -04:00
borrowers_out.pl Bug 15407: Koha::Patron::Categories - replace GetborCatFromCatType 2016-09-08 13:29:22 +00:00
borrowers_stats.pl Bug 8306: Patrons statistics, fix for patron activity choice 2017-02-14 14:11:04 +00:00
cash_register_stats.pl Bug 18734 - Internal server error in cash_register_stats.pl when exporting to file 2017-06-12 17:56:37 -03:00
cat_issues_top.pl Bug 17835: Replace GetItemTypes with Koha::ItemTypes 2017-04-14 10:43:51 -04:00
catalogue_out.pl Bug 17835: Replace GetItemTypes with Koha::ItemTypes 2017-04-14 10:43:51 -04:00
catalogue_stats.pl Bug 17835: Replace GetItemTypes with Koha::ItemTypes 2017-04-14 10:43:51 -04:00
dictionary.pl Bug 16154: CGI->multi_param - Declare a list 2016-04-26 23:16:42 +00:00
guided_reports.pl Bug 18898 - Some permissions for Reports can be bypassed 2017-08-09 16:51:41 -03:00
issues_avg_stats.pl Bug 13452: Fix for plack 2017-06-15 15:27:46 -03:00
issues_by_borrower_category.plugin Bug 15758: Koha::Libraries - Remove GetBranches 2016-09-08 14:36:03 +00:00
issues_stats.pl Bug 17835: Replace GetItemTypes with Koha::ItemTypes 2017-04-14 10:43:51 -04:00
itemslost.pl Bug 18279: Remove C4::Items::GetLostItems 2017-06-05 11:43:26 -03:00
itemtypes.plugin Bug 15758: Koha::Libraries - Remove GetBranchesLoop 2016-09-08 14:36:02 +00:00
manager.pl Bug 16154: CGI->multi_param - Declare a list 2016-04-26 23:16:42 +00:00
orders_by_fund.pl Bug 18260: Koha::Biblio - Remove GetBiblio 2017-07-10 13:03:38 -03:00
reports-home.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
reserves_stats.pl Bug 17835: Replace GetItemTypes with Koha::ItemTypes 2017-04-14 10:43:51 -04:00
serials_stats.pl Bug 15758: Koha::Libraries - Remove GetBranchesLoop 2016-09-08 14:36:02 +00:00
stats.print.pl Bug 11944: use CGI( -utf8 ) everywhere 2015-01-13 13:07:21 -03:00