Koha/koha-tmpl/opac-tmpl/prog/en/modules
Owen Leonard 85c4cd4712 Bug 8515 - OPAC password change does not obey OpacPasswordChange
The OPAC change password template enforces the OpacPasswordChange
preference by preventing the form from appearing. However, the
script doesn't contain any check for OpacPasswordChange so it is
vulnerable to someone submitting data to it by some other means.

This patch adds a check for OpacPasswordChange to the script and
revises the template logic in order to show the right warning
in all circumstances.

To test, turn off OpacPasswordChange and navigate manually to
opac-passwd.pl. You should see a warning that you can't change
your password.

Turn on OpacPasswordChange, load the change password page and
save the page to your desktop. Turn off OpacPasswordChange and
submit a password change via the saved page. Without the patch
this would result in a password change. After the patch it
should not.

Signed-off-by: Melia Meggs <melia@test.bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Confirmed bug and made sure patch fixes it.
Passes all tests and perlcritic.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-11-25 18:30:14 -05:00
errors Bug 2780 - Capitalize strings consistently (OPAC pages) 2012-04-06 18:27:55 +02:00
sco Bug 8623: Move YUI out of prog 2012-09-05 12:04:13 +02:00
search Bug 8766 - OPACBaseURL still called as OPACBaseurl in many files 2012-10-12 16:33:07 +02:00
svc Bug 8209: "Did you mean?" from authorities 2012-09-13 11:34:28 +02:00
text Bug 8726: ExplodedTerms suggestion plugin (functionality) 2012-09-28 17:08:21 +02:00
ilsdi.tt Bug 2780 - Capitalize strings consistently (OPAC pages) 2012-04-06 18:27:55 +02:00
kohaerror.tt Bug 2780 - Capitalize strings consistently (OPAC pages) 2012-04-06 18:27:55 +02:00
maintenance.tt Bug 2780 - Capitalize strings consistently (OPAC pages) 2012-04-06 18:27:55 +02:00
opac-account.tt Bug 7500 [FOLLOW-UP][Missing images] Use CSS Sprites for faster page loading 2012-09-13 17:52:06 +02:00
opac-addbybiblionumber.tt Bug 2780 - Capitalize strings consistently (OPAC pages) 2012-04-06 18:27:55 +02:00
opac-advsearch.tt Bug 8546 - Error in description of OPAC Advanced Search Publication date range search 2012-11-23 13:01:29 -05:00
opac-alert-subscribe.tt Bug 2780 - Capitalize strings consistently (OPAC pages) 2012-04-06 18:27:55 +02:00
opac-auth-detail.tt Bug 8870 UNIMARC authorities search doesn't display information properly 2012-10-22 17:50:06 +02:00
opac-auth-MARCdetail.tt Bug 8523: Display auth hierarchies w/all marcflavours 2012-09-21 14:52:08 +02:00
opac-auth.tt Bug 2780 - Capitalize strings consistently (OPAC pages) 2012-04-06 18:27:55 +02:00
opac-authorities-home.tt Bug 8206: make authority search indexes consistent 2012-09-07 15:26:56 +02:00
opac-authoritiessearchresultlist.tt Bug 8870 UNIMARC authorities search doesn't display information properly 2012-10-22 17:50:06 +02:00
opac-basket.tt Bug 9115 - basket window should close automatically when placing a hold 2012-11-25 18:06:11 -05:00
opac-browser.tt Bug 2780 - Capitalize strings consistently (OPAC pages) 2012-04-06 18:27:55 +02:00
opac-detail.tt Bug 8660: Tag status does not show on multiple tag add 2012-11-23 16:38:32 -05:00
opac-downloadcart.tt Bug 2780 - Capitalize strings consistently (OPAC pages) 2012-04-06 18:27:55 +02:00
opac-downloadshelf.tt Bug 2780 - Capitalize strings consistently (OPAC pages) 2012-04-06 18:27:55 +02:00
opac-full-serial-issues.tt Bug 7927 - library not showing on subscription full history anymore 2012-04-18 17:27:26 +02:00
opac-imageviewer.tt Bug 2780 - Capitalize strings consistently (OPAC pages) 2012-04-06 18:27:55 +02:00
opac-ISBDdetail.tt Bug 8143 [REVISED] Upgrade jQuery tabs to current jQueryUI version 2012-06-10 15:22:58 +02:00
opac-main.tt Bug 8597: Add system preferences to configure the mobile view. 2012-09-18 13:42:18 +02:00
opac-MARCdetail.tt Bug 2780 - Capitalize strings consistently (OPAC pages) 2012-04-06 18:27:55 +02:00
opac-messaging.tt Bug 7500 [FOLLOW-UP][Missing images] Use CSS Sprites for faster page loading 2012-09-13 17:52:06 +02:00
opac-mymessages.tt Bug 5917 : Swapping templates over 2011-04-10 20:38:30 +12:00
opac-opensearch.tt Bug 8936: Search RSS feeds does not show there items when subscribing in Firefox 2012-10-30 18:24:54 +01:00
opac-passwd.tt Bug 8515 - OPAC password change does not obey OpacPasswordChange 2012-11-25 18:30:14 -05:00
opac-privacy.tt Bug 7500 [FOLLOW-UP][Missing images] Use CSS Sprites for faster page loading 2012-09-13 17:52:06 +02:00
opac-readingrecord.tt Bug 8017 reduce manipulation of GetAllIssues return 2012-09-13 18:51:45 +02:00
opac-reserve.tt Bug 8624: Move famfamfam out of theme directory 2012-09-19 15:40:55 +02:00
opac-results-grouped.tt bug 3652 fixing XSS vulnerabilities in opac-search 2012-10-24 15:44:07 +02:00
opac-results.tt Bug 8660: Tag status does not show on multiple tag add 2012-11-23 16:38:32 -05:00
opac-review.tt Bug 8973: HTML and URL escape missing in OPAC templates 2012-10-30 18:15:22 +01:00
opac-search-history.tt Bug 2780 - Capitalize strings consistently (OPAC pages) 2012-04-06 18:27:55 +02:00
opac-sendbasket.tt Bug 8621: Alternative template for cart email 2012-08-29 18:18:16 +02:00
opac-sendbasketform.tt Bug 2780 - Capitalize strings consistently (OPAC pages) 2012-04-06 18:27:55 +02:00
opac-sendshelf.tt Bug 2780 - Capitalize strings consistently (OPAC pages) 2012-04-06 18:27:55 +02:00
opac-sendshelfform.tt Bug 2780 - Capitalize strings consistently (OPAC pages) 2012-04-06 18:27:55 +02:00
opac-serial-issues.tt Bug 7905: Follow up - Multi-line subscription notes 2012-06-27 15:29:56 +02:00
opac-shelves.tt Bug 8660: Tag status does not show on multiple tag add 2012-11-23 16:38:32 -05:00
opac-showmarc.tt Bug 8872: Changes for opac-showmarc 2012-11-06 07:29:01 -05:00
opac-showreviews-rss.tt Bug 8708 [Revised] RSS feed for new comments is broken 2012-09-12 15:31:58 +02:00
opac-showreviews.tt Bug 8679 [REVISED] Remove usage of Amazon API 2012-08-29 16:05:29 +02:00
opac-suggestions.tt Bug 8660: Tag status does not show on multiple tag add 2012-11-23 16:38:32 -05:00
opac-tags.tt Bug 8873 - JavaScript error in Opac displaying tag cloud 2012-10-12 22:47:35 +02:00
opac-tags_subject.tt Bug 2780 - Capitalize strings consistently (OPAC pages) 2012-04-06 18:27:55 +02:00
opac-topissues.tt Bug 7367 - One "the" too many 2012-07-24 17:33:03 +02:00
opac-user.tt Bug 8597: Improve template markup to prepare for mobile 2012-09-18 13:36:48 +02:00
opac-userdetails.tt Bug 7500 [FOLLOW-UP][Missing images] Use CSS Sprites for faster page loading 2012-09-13 17:52:06 +02:00
opac-userupdate.tt Bug 7500 [FOLLOW-UP][Missing images] Use CSS Sprites for faster page loading 2012-09-13 17:52:06 +02:00