git.koha-community.org Git - koha.git/commit
Bug 23634: Prevent non-superlibrarians from editing superlibrarian emails
author Martin Renvoize <martin.renvoize@ptfs-europe.com>
Tue, 19 Nov 2019 14:51:50 +0000 (14:51 +0000)
committer Lucas Gass <lucas@bywatersolutions.com>
Mon, 31 Aug 2020 20:00:38 +0000 (20:00 +0000)
commit 244a214333756fb376143a9280374055871b2a2d
tree 4ffa6a92b3ff69ac0e7be769c16f3adc746aca34
parent 9a30aa8f53ccf3a05c1833c88f05abbce49b479b
Bug 23634: Prevent non-superlibrarians from editing superlibrarian emails

This patchset prevents a non-superlibrarian user from editing a
superlibrarian's email address via memberentry.  This is to prevent a
privilege escalation vulnerability whereby a user could update a
superlibrarian's contact details to match their own and then request a
password reset via the OPAC.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit e4fdbd69722ee33fb0e7125f9a1b316e7f9f8b02)
koha-tmpl/intranet-tmpl/prog/en/includes/member-alt-address-style.inc
koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt
members/memberentry.pl
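
The check the commit message describes, sketched as an added example that is not code from the Koha patch: the server discards changes to any address a password reset could be sent to when the editor is not a superlibrarian and the record being edited is. The function name `filter_patron_update`, the plain-hash patron records, the `is_superlibrarian` key and the field list are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed list of fields that can receive a password-reset message.
my @RESET_CONTACT_FIELDS = qw(email emailpro B_email);

# Decide which submitted fields may be written to the target record.
# $actor and $target are plain hashes standing in for patron records;
# $submitted is the posted form data. Returns (\%allowed, \@rejected).
sub filter_patron_update {
    my ( $actor, $target, $submitted ) = @_;
    my %allowed = %$submitted;
    my @rejected;

    if ( $target->{is_superlibrarian} && !$actor->{is_superlibrarian} ) {
        for my $field (@RESET_CONTACT_FIELDS) {
            # The value is dropped whether or not the form displayed the
            # field: hiding an input in a template does not stop a crafted POST.
            next unless exists $allowed{$field};
            my $new = delete $allowed{$field};
            my $old = $target->{$field} // '';
            # Report only attempts that would have changed the stored value.
            push @rejected, $field if ( $new // '' ) ne $old;
        }
    }
    return ( \%allowed, \@rejected );
}

# Constructed sample records and form data.
my $staff = { userid => 'staff1', is_superlibrarian => 0, email => 'staff1@example.org' };
my $admin = { userid => 'admin',  is_superlibrarian => 1, email => 'admin@example.org' };
my $form  = { surname => 'Admin', phone => '555-0100', email => 'staff1@example.org' };

for my $actor ( $staff, $admin ) {
    my ( $allowed, $rejected ) = filter_patron_update( $actor, $admin, $form );
    printf "%s editing %s: applied [%s], rejected [%s]\n",
        $actor->{userid}, $admin->{userid},
        join( ', ', sort keys %$allowed ), join( ', ', @$rejected );

    # A rejected change to a superlibrarian's address is worth an audit entry.
    warn sprintf( "audit: %s tried to change %s on superlibrarian %s\n",
        $actor->{userid}, join( ',', @$rejected ), $admin->{userid} )
        if @$rejected;
}
```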