]> git.koha-community.org Git - koha.git/commit
Bug 9569: Security patch for AutoLocation
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Thu, 19 Jan 2017 10:46:21 +0000 (11:46 +0100)
committerMason James <mtj@kohaaloha.com>
Mon, 30 Jan 2017 22:54:51 +0000 (11:54 +1300)
commitab7e841d4f713c784a853d009df420fe707f4aa0
tree96a3bf2c8d5e63acc18af464afaf411253788017
parent22ccccc0bf514b232c30b533591f8c6378e46b2e
Bug 9569: Security patch for AutoLocation

If a patron is not allowed to access the staff interface because its IP
address in the authorised range of IPs, the cookie should not contain
the CGISESSID.
If it is, the patron is logged in and will be able to access the staff
interface if he reload the page (or hit another one).

Test plan:
Confirm the that AutoLocation feature is now working as expected.

Note: It seems that this feature has never really worked as intended.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
C4/Auth.pm