git.koha-community.org Git - koha.git/commit

author	Jonathan Druart <jonathan.druart@bugs.koha-community.org>
	Wed, 19 Aug 2015 14:42:10 +0000 (15:42 +0100)
committer	Liz Rea <wizzyrea@gmail.com>
	Sun, 23 Aug 2015 23:06:24 +0000 (11:06 +1200)
commit	46c979d0c970c079702ed872ab318192393b7815
tree	4f43e3588082cabe1cbadc8c11e63f8f0ffec70d	tree \| snapshot
parent	c68fc8ad3e5069e52b9bd0487faa3094e9eee4cc	commit \| diff

Bug 14566: Fix permissions in patronimage.pl

There is no permission needed to access the patronimage.pl script.
This means anybody cans access to the patron's images.

Test plan:
Add an image to borrowernumber 42 and call
/cgi-bin/koha/members/patronimage.pl?borrowernumber=42

If you are logged in with borrowers permissions, you will see the image,
otherwise you will get a blank page with a 403 header.

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Conflicts:
members/patronimage.pl