ea263a2284
The script catalogue/getitem-ajax.pl is called by acqui/orderreceive.pl when item is receipt. There is not auth check done, this means anybody can retrieve item info. Test plan: With the acquisition => order_receive permission, try to receive an item. It should work. Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Very easy to test. Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar> |
||
|---|---|---|
| .. | ||
| detail.pl | ||
| export.pl | ||
| getitem-ajax.pl | ||
| image.pl | ||
| imageviewer.pl | ||
| ISBDdetail.pl | ||
| issuehistory.pl | ||
| itemsearch.pl | ||
| labeledMARCdetail.pl | ||
| MARCdetail.pl | ||
| moredetail.pl | ||
| search-history.pl | ||
| search.pl | ||
| showmarc.pl | ||
| updateitem.pl | ||