]> git.koha-community.org Git - koha.git/commit
Bug 9569: Security patch for AutoLocation
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Thu, 19 Jan 2017 10:46:21 +0000 (11:46 +0100)
committerKyle M Hall <kyle@bywatersolutions.com>
Mon, 30 Jan 2017 11:25:06 +0000 (11:25 +0000)
commit93cc0956a923e94663ae74d1f435604844536571
tree65d39b125253d8a6acd3058edd547b777f08928f
parent7afddcb157a8d8e27cfdee3cdbeb0eae483aa24c
Bug 9569: Security patch for AutoLocation

If a patron is not allowed to access the staff interface because its IP
address in the authorised range of IPs, the cookie should not contain
the CGISESSID.
If it is, the patron is logged in and will be able to access the staff
interface if he reload the page (or hit another one).

Test plan:
Confirm the that AutoLocation feature is now working as expected.

Note: It seems that this feature has never really worked as intended.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
C4/Auth.pm