Bug 23634: Prevent non-superlibrarians from editing superlibrarian emails
author Martin Renvoize <martin.renvoize@ptfs-europe.com>
Tue, 19 Nov 2019 14:51:50 +0000 (14:51 +0000)
committer Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Wed, 2 Sep 2020 13:40:55 +0000 (15:40 +0200)
commit 087af360cca661ecb2522451eeb1bbf2b4d54296
tree 3be822d0e440eab74dc3a6fd92534383030a31de
parent 312cd6dfd2bfc9818c676ea2dc3658ad71cddb04
Bug 23634: Prevent non-superlibrarians from editing superlibrarian emails

This patchset prevents a non-superlibrarian user from editing a
superlibrarian's email address via memberentry. This is to prevent a
privilege escalation vulnerability whereby a user could update a
superlibrarian's contact details to match their own and then request a
password reset via the OPAC.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/includes/member-alt-address-style.inc
koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt
members/memberentry.pl
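The authorization rule the commit message describes, modelled as a standalone Python example (not Koha's Perl code and not this patch): a pre-fix edit routine that stores whatever the editor submits, beside a post-fix routine that refuses to let a non-superlibrarian change a superlibrarian's email fields. The patron model, the field names and the set of protected fields are constructed for the illustration; Koha's actual borrower columns and flag handling differ.

```python
"""Model of the Bug 23634 check: only a superlibrarian may change a
superlibrarian's email addresses. Added illustration, not Koha code."""
from dataclasses import dataclass, replace

# Fields that decide where a password-reset mail would be delivered
# (assumed set; Koha has its own primary and alternate-address columns).
PROTECTED_CONTACT_FIELDS = {"email", "alt_email"}


@dataclass(frozen=True)
class Patron:
    borrowernumber: int
    userid: str
    email: str
    alt_email: str = ""
    superlibrarian: bool = False  # Koha keeps this as a flag bit; simplified


class EditForbidden(Exception):
    """Raised when the editor lacks the privilege for the requested change."""


def apply_edit_unchecked(target: Patron, changes: dict) -> Patron:
    """Pre-fix behaviour: every submitted field is stored, regardless of who
    the editor is or who the target is."""
    return replace(target, **changes)


def apply_edit(actor: Patron, target: Patron, changes: dict) -> Patron:
    """Post-fix behaviour: a protected field of a superlibrarian may only be
    altered by a superlibrarian. Unchanged values and other fields pass."""
    altered = {
        f for f in PROTECTED_CONTACT_FIELDS & set(changes)
        if changes[f] != getattr(target, f)
    }
    if altered and target.superlibrarian and not actor.superlibrarian:
        raise EditForbidden(
            f"{actor.userid} may not change {sorted(altered)} "
            f"of superlibrarian {target.userid}"
        )
    return replace(target, **changes)


def edit_allowed(actor: Patron, target: Patron, changes: dict) -> bool:
    """Convenience wrapper: True if apply_edit would accept the change."""
    try:
        apply_edit(actor, target, changes)
    except EditForbidden:
        return False
    return True
```

The same rule applies to a self-edit by a non-superlibrarian and to non-contact fields, which remain editable as before; only the combination of privileged target, unprivileged actor and an altered email field is refused.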