git.koha-community.org Git - koha.git/commit
Bug 23634: Prevent non-superlibrarians from editing superlibrarian emails
author Martin Renvoize <martin.renvoize@ptfs-europe.com>
Tue, 19 Nov 2019 14:51:50 +0000 (14:51 +0000)
committer Aleisha Amohia <aleishaamohia@hotmail.com>
Tue, 25 Aug 2020 03:34:25 +0000 (15:34 +1200)
commit 813a45767d617777d89bdfc21b78c49d5c743b09
tree 54bc64a91b2307fa27105790159ba68761dc258c
parent 6b9e3dfae1311a475dc7258a2e3e65a55b694ec4

This patchset prevents a non-superlibrarian user from editing a
superlibrarian's email address via memberentry. This is to prevent a
privilege escalation vulnerability whereby a user could update a
superlibrarian's contact details to match their own and then request a
password reset via the OPAC.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt
members/memberentry.pl
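
A sketch of the kind of server-side guard the commit message describes, added here as an illustration and not taken from the Koha patch. The function name, the hash-based patron records and the list of email field names are assumptions made for this example.

```perl
use strict;
use warnings;

# Contact fields a password-reset flow could deliver mail to.
# Assumed names for this sketch; adjust to the real schema.
my @EMAIL_FIELDS = qw(email emailpro B_email);

# Returns a copy of %$submitted that is safe to save, plus the list of
# fields that were reverted. $editor and $target are plain hashes here
# (hypothetical stand-ins for patron objects).
sub filter_patron_update {
    my ( $editor, $target, $submitted ) = @_;
    my %clean = %$submitted;
    my @reverted;

    # Only the cross-privilege case is restricted: a non-superlibrarian
    # editing a superlibrarian.
    if ( $target->{is_superlibrarian} && !$editor->{is_superlibrarian} ) {
        for my $field (@EMAIL_FIELDS) {
            next unless exists $clean{$field};
            my $old = $target->{$field} // '';
            my $new = $clean{$field}    // '';
            next if $new eq $old;

            # Keep the stored value no matter what the form sent; hiding
            # the input in the template is not enough on its own.
            $clean{$field} = $target->{$field};
            push @reverted, $field;
        }
    }
    return ( \%clean, \@reverted );
}

# Constructed sample data.
my $staff = { userid => 'staff1', is_superlibrarian => 0 };
my $admin = {
    userid => 'admin', is_superlibrarian => 1,
    email  => 'admin@library.example', emailpro => '', B_email => '',
};
my $form = { surname => 'Admin', email => 'staff1@library.example' };

my ( $clean, $reverted ) = filter_patron_update( $staff, $admin, $form );
print "saved email: $clean->{email}\n";
print "reverted: @$reverted\n";
```

Logging the reverted fields together with the editor's userid gives an audit trail for attempted contact-detail changes on superlibrarian accounts.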