]> git.koha-community.org Git - koha.git/commit
projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0a52185) | patch
Bug 14566: Fix permissions in patronimage.pl
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Wed, 19 Aug 2015 14:42:10 +0000 (15:42 +0100)
committerMason James <mtj@kohaaloha.com>
Fri, 28 Aug 2015 02:55:25 +0000 (14:55 +1200)
commit29181dae407a1828ae9e29775aefbb0c72f860e1
treea6916e70d5717645d66b2b00520a34b2f1d90a13tree | snapshot
parent0a52185f110ac99b1ef326b6e1d548271e563f54commit | diff
Bug 14566: Fix permissions in patronimage.pl

There is no permission needed to access the patronimage.pl script.
This means anybody cans access to the patron's images.

Test plan:
Add an image to borrowernumber 42 and call
/cgi-bin/koha/members/patronimage.pl?borrowernumber=42

If you are logged in with borrowers permissions, you will see the image,
otherwise you will get a blank page with a 403 header.

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Conflicts:
members/patronimage.pl
members/patronimage.pl diff | blob | history
Main Koha release repository