From feed19f154ef2025b85094c1b09a42b8e3a90141 Mon Sep 17 00:00:00 2001
From: Joe Atzberger <joe.atzberger@liblime.com>
Date: Thu, 23 Oct 2008 11:01:03 -0500
Subject: [PATCH] Patch security hole in vestigial report.

IMHO, this report should be removed in entirity because of its faulty
construction and total inability to distinguish between register "tills".
That is, it appears to be a valid accounting measure but isn't.
In any case, it let's not let just anybody run it!

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
---
 reports/stats.screen.pl | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/reports/stats.screen.pl b/reports/stats.screen.pl
index b15a50a020..ed38459524 100755
--- a/reports/stats.screen.pl
+++ b/reports/stats.screen.pl
@@ -25,11 +25,6 @@ use C4::Accounts;
 use C4::Debug;
 use Date::Manip;
 
-#use HTML::Template;
-#use Text::CSV_XS;
-#use Data::Dumper;
-
-
 my $input = new CGI;
 my $time  = $input->param('time');
 my $time2 = $input->param('time2');
@@ -41,7 +36,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
         query           => $input,
         type            => "intranet",
         authnotrequired => 1,
-        flagsrequired   => { borrowers => 1 },
+        flagsrequired   => { reports => 1 },
         debug           => 1,
     }
 );
-- 
2.39.2