Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/circ
History
Mark Tompsett 85489f7bdf Bug 643: QA Followup - server-side verification of permissions 
Only allow $force_allow=1 if the logged in user has permissions.

TEST PLAN
---------
Attempt to intentionally override the checkout by passing an
appropriately handcrafted URL.
-- Regardless of the force_allow value, it should be not allowed
   for those lacking the force_checkout permission.

NOTE: I didn't test this. I figured Marc Veron could do that. :)
      (Sorry, couldn't easily get git bz to work with the accent)

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-10-31 15:15:49 -03:00
..
add_message.pl Bug 11349: Change .tmpl -> .tt in scripts using templates 2014-07-17 11:05:49 -03:00
bookcount.pl Bug 11349: Change .tmpl -> .tt in scripts using templates 2014-07-17 11:05:49 -03:00
branchoverdues.pl Bug 11349: Change .tmpl -> .tt in scripts using templates 2014-07-17 11:05:49 -03:00
branchtransfers.pl Bug 11349: Change .tmpl -> .tt in scripts using templates 2014-07-17 11:05:49 -03:00
circulation-home.pl Bug 11349: Change .tmpl -> .tt in scripts using templates 2014-07-17 11:05:49 -03:00
circulation.pl Bug 643: QA Followup - server-side verification of permissions 2014-10-31 15:15:49 -03:00
del_message.pl Bug 11349: Change .tmpl -> .tt in scripts using templates 2014-07-17 11:05:49 -03:00
hold-transfer-slip.pl Bug 11349: Change .tmpl -> .tt in scripts using templates 2014-07-17 11:05:49 -03:00
offline-mf.pl Bug 10240: QA follow-up 2013-10-11 01:57:03 +00:00
offline.pl Bug 10240: QA follow-up 2013-10-11 01:57:03 +00:00
overdue.pl Bug 11349: Change .tmpl -> .tt in scripts using templates 2014-07-17 11:05:49 -03:00
pendingreserves.pl Bug 11349: Change .tmpl -> .tt in scripts using templates 2014-07-17 11:05:49 -03:00
renew.pl Bug 11577: Add 'auto_renew' and 'auto_too_soon' to renewal page 2014-09-17 19:23:16 -03:00
reserveratios.pl Bug 11349: Change .tmpl -> .tt in scripts using templates 2014-07-17 11:05:49 -03:00
returns.pl Bug 11349: Change .tmpl -> .tt in scripts using templates 2014-07-17 11:05:49 -03:00
selectbranchprinter.pl Bug 11349: Change .tmpl -> .tt in scripts using templates 2014-07-17 11:05:49 -03:00
stats.pl Bug 11349: Change .tmpl -> .tt in scripts using templates 2014-07-17 11:05:49 -03:00
transfer-slip.pl Bug 11349: Change .tmpl -> .tt in scripts using templates 2014-07-17 11:05:49 -03:00
transferstoreceive.pl Bug 11349: Change .tmpl -> .tt in scripts using templates 2014-07-17 11:05:49 -03:00
view_holdsqueue.pl Bug 11349: Change .tmpl -> .tt in scripts using templates 2014-07-17 11:05:49 -03:00
waitingreserves.pl Bug 12523 - Add patron email in Holds awaiting pickup circulation rapport 2014-08-07 16:18:23 -03:00
ypattrodue-attr-search-authvalue.pl Bug 7747 - Replace YUI autocomplete with jQueryUI 2012-05-31 18:07:55 +02:00
ysearch.pl Bug 10277 - Add C4::Context->IsSuperLibrarian() 2013-12-30 15:47:23 +00:00