git.koha-community.org Git - koha.git/commit

]> git.koha-community.org Git - koha.git/commit

author	Galen Charlton <gmcharlt@gmail.com>
	Wed, 10 Nov 2010 03:00:50 +0000 (22:00 -0500)
committer	Chris Cormack <chrisc@catalyst.net.nz>
	Wed, 10 Nov 2010 06:39:50 +0000 (19:39 +1300)
commit	89cda847a1852a0b42b79f245af57ec4ae429bd3
tree	413611808a737cff28d8c07f8d45d5a4a721b4eb	tree \| snapshot
parent	637e5c6713d781706d660d66a17b05e8afc35a2e	commit \| diff

follow-up to reports permissions patch

* Enforce the requirement that the user must have the
  create_reports permission in order to delete a saved report;
  closes hole where unprivileged user could delete reports
  by constructing a URL maliciously
* Added another tweak of the template - don't offer option
  to create a new report if the user doesn't have permission.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tmpl		diff \| blob \| history
reports/guided_reports.pl		diff \| blob \| history

Main Koha release repository

RSS Atom