projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 649bfe1) | patch
Bug 24878: Add authentication checks to the calendar tool
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Mon, 16 Mar 2020 15:26:48 +0000 (16:26 +0100)
committerMartin Renvoize <martin.renvoize@ptfs-europe.com>
Thu, 26 Mar 2020 11:35:00 +0000 (11:35 +0000)
commitd2b2c61ff99c660be510339b8d83e719b9e054e4
treeb3e48c9f142c33791a8f03ffef4e0737f25c8561tree | snapshot
parent649bfe1ee2dc4825d44e7d9d200e8a21f8d8d430commit | diff
Bug 24878: Add authentication checks to the calendar tool

There is a security hole in 2 scripts that are used by the UI to edit
holidays.

To test:
1) Go to Tools -> Calendar, for Centerville
   Check no holiday for 30/4/2020
2) To add a new holiday without login execute
   a curl command with necessary parameters
3) Reload page from 1), verify the new holiday
   edit and delete the holiday
4) Apply the patch
5) Do 2) again, this time you get a lengthy output,
   with the magic words:

   <title>Koha &rsaquo;
       Log in to Koha
   </title>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
tools/exceptionHolidays.pl diff | blob | history
tools/newHolidays.pl diff | blob | history
Mirror of git://git.koha-community.org/koha.git