There is no permission needed to access the patronimage.pl script.
This means anybody cans access to the patron's images.
Test plan:
Add an image to borrowernumber 42 and call
/cgi-bin/koha/members/patronimage.pl?borrowernumber=42
If you are logged in with borrowers permissions, you will see the image,
otherwise you will get a blank page with a 403 header.
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
projects / koha.git / commit