]> git.koha-community.org Git - koha.git/commit
Bug 14566: Fix permissions in patronimage.pl
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Wed, 19 Aug 2015 14:42:10 +0000 (15:42 +0100)
committerTomas Cohen Arazi <tomascohen@unc.edu.ar>
Mon, 24 Aug 2015 13:29:49 +0000 (10:29 -0300)
commitb35dd15a4a64cc13e4c7c9c24e32a56f4cd43c66
tree10bbdc3ef6cae43150733bcfea1805cbd016329c
parent16f382e7ecb0a7d817da59c45dcd58655e3949ee
Bug 14566: Fix permissions in patronimage.pl

There is no permission needed to access the patronimage.pl script.
This means anybody cans access to the patron's images.

Test plan:
Add an image to borrowernumber 42 and call
/cgi-bin/koha/members/patronimage.pl?borrowernumber=42

If you are logged in with borrowers permissions, you will see the image,
otherwise you will get a blank page with a 403 header.

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
members/patronimage.pl