Bug 14449: Add authentication check on retrieving item info when receiving
The script catalogue/getitem-ajax.pl is called by acqui/orderreceive.pl
when item is receipt.
There is not auth check done, this means anybody can retrieve item info.
Test plan:
With the acquisition => order_receive permission, try to receive an
item.
It should work.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Very easy to test.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit
ea263a2284f1b81da5718a0cfbc581909c86cf4a)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
projects / koha.git / commit