Koha/koha-tmpl at db55279886c7ecd13987780b6922d29e8916b267 - Koha-community/Koha - Koha: The world's first free and open source library system

History

Martin Renvoize 087af360cc Bug 23634: Prevent non-superlibrarians from editing superlibarian emails This patchset prevents a non-superlibrarian user from editing a superlibrarians email address via memberentry. This is to prevent a privilege escalation vulnerability whereby a user could update a superlibrarians contact details to match their own and then request a password reset via the OPAC. Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	2020-09-02 15:40:55 +02:00
..
intranet-tmpl	Bug 23634: Prevent non-superlibrarians from editing superlibarian emails	2020-09-02 15:40:55 +02:00
opac-tmpl	Bug 21066: Rename publicationdate with published_on	2020-09-02 15:35:08 +02:00

Martin Renvoize 087af360cc Bug 23634: Prevent non-superlibrarians from editing superlibarian emails

This patchset prevents a non-superlibrarian user from editing a
superlibrarians email address via memberentry.  This is to prevent a
privilege escalation vulnerability whereby a user could update a
superlibrarians contact details to match their own and then request a
password reset via the OPAC.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

2020-09-02 15:40:55 +02:00

intranet-tmpl

Bug 23634: Prevent non-superlibrarians from editing superlibarian emails

2020-09-02 15:40:55 +02:00

opac-tmpl

Bug 21066: Rename publicationdate with published_on

2020-09-02 15:35:08 +02:00