git.koha-community.org Git - koha.git/commit
Bug 9569: Security patch for AutoLocation
author Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Thu, 19 Jan 2017 10:46:21 +0000 (11:46 +0100)
committer Julian Maurice <julian.maurice@biblibre.com>
Mon, 30 Jan 2017 15:22:28 +0000 (16:22 +0100)
commit 23d3ca374fe2940ba016612f41310b539ce4e0c8
tree c0a092270d31a8afe97eacedb8ba2fc95d6b4438
parent bb39ed102872924b091c74e5960893ff60e9c4a7
Bug 9569: Security patch for AutoLocation

If a patron is not allowed to access the staff interface because its IP
address in the authorised range of IPs, the cookie should not contain
the CGISESSID.
If it is, the patron is logged in and will be able to access the staff
interface if he reloads the page (or hits another one).

Test plan:
Confirm that the AutoLocation feature is now working as expected.

Note: It seems that this feature has never really worked as intended.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 93cc0956a923e94663ae74d1f435604844536571)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
C4/Auth.pm