]> git.koha-community.org Git - koha.git/commit
projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 848512d) | patch
Bug 23634: Prevent non-superlibrarians from editing superlibarian emails
authorMartin Renvoize <martin.renvoize@ptfs-europe.com>
Tue, 19 Nov 2019 14:51:50 +0000 (14:51 +0000)
committerVictor Grousset/tuxayo <victor@tuxayo.net>
Tue, 25 Aug 2020 03:49:41 +0000 (05:49 +0200)
commit3cc0e7cae3ab063a0e77a12123177bb26348f20a
tree9effb9ce0c5dce32dd7256a11b9760af2098a2aftree | snapshot
parent848512d46627f9a3b6748c8a9af0f50ee6869012commit | diff
Bug 23634: Prevent non-superlibrarians from editing superlibarian emails

This patchset prevents a non-superlibrarian user from editing a
superlibrarians email address via memberentry.  This is to prevent a
privilege escalation vulnerability whereby a user could update a
superlibrarians contact details to match their own and then request a
password reset via the OPAC.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
(cherry picked from commit e707fdf7b6ca155ec9abd47e2e8aef1549f01f10)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt diff | blob | history
members/memberentry.pl diff | blob | history
Main Koha release repository