git.koha-community.org Git - koha.git/commit

author	Owen Leonard <oleonard@myacpl.org>
	Fri, 2 Nov 2012 16:40:08 +0000 (12:40 -0400)
committer	Chris Cormack <chrisc@catalyst.net.nz>
	Mon, 26 Nov 2012 07:56:02 +0000 (20:56 +1300)
commit	bc7034a0b21ad9166a5868c96d83c3525c915c5c
tree	c3b6714f7eeba60a878b87f01a75786f5f1c122b	tree \| snapshot
parent	fd61723deb84e9a09eedf03a0ed43f24f3f9bcb8	commit \| diff

Bug 8515 - OPAC password change does not obey OpacPasswordChange

The OPAC change password template enforces the OpacPasswordChange
preference by preventing the form from appearing. However, the
script doesn't contain any check for OpacPasswordChange so it is
vulnerable to someone submitting data to it by some other means.

This patch adds a check for OpacPasswordChange to the script and
revises the template logic in order to show the right warning
in all circumstances.

To test, turn off OpacPasswordChange and navigate manually to
opac-passwd.pl. You should see a warning that you can't change
your password.

Turn on OpacPasswordChange load the change password page and
save the page to your desktop. Turn off OpacPasswordChange and
submit a password change via the saved page. Without the patch
this would result in a password change. After the patch it
should not.

Signed-off-by: Melia Meggs <melia@test.bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Confirmed bug and made sure patch fixes it.
Passes all tests and perlcritic.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

koha-tmpl/opac-tmpl/prog/en/modules/opac-passwd.tt		diff \| blob \| history
opac/opac-passwd.pl		diff \| blob \| history