git.koha-community.org Git - koha.git/commit

]> git.koha-community.org Git - koha.git/commit

projects / koha.git / commit

summary | shortlog | log | commit | commitdiff | tree
(parent: 41350af) | patch

author	David Cook <dcook@prosentient.com.au>
	Thu, 27 Jul 2017 01:58:28 +0000 (11:58 +1000)
committer	Katrin Fischer <katrin.fischer.83@web.de>
	Fri, 15 Sep 2017 23:20:13 +0000 (01:20 +0200)
commit	fc4a184a5fda8571a7548996d5813205d25e6e5f
tree	d4212c33feead3e86ca3a838878df3f708756b69	tree \| snapshot
parent	41350af22570d32148c673e846e45d46fa1806c5	commit \| diff

Bug 18898 - Some permissions for Reports can be bypassed

If you manually visit the following links when you only have
permission to run reports, you'll still be able to access the ability
to create and edit reports:

/cgi-bin/koha/reports/guided_reports.pl?phase=Create%20report%20from%20SQL
/cgi-bin/koha/reports/guided_reports.pl?phase=Edit%20SQL

This patch ties these 2 unaccounted for phases to the create_reports
permission.

With patch, issue no longer can be reproduced.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 2fdfbaf0ddbf214c0efb9a3a3c2595a54517f795)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 4b71c9239708cd4d60190ed907fec03d1f8b08bc)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

reports/guided_reports.pl

diff | blob | history

Main Koha release repository