http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=643
M. Tompsett <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Failed QA CC| |[email protected] --- Comment #14 from M. Tompsett <[email protected]> --- Sorry, but this doesn't solve the problem raised in comment #12. The issue is there is no equivalent CAN_user_force_checkout on the server-side, not whether someone can fake it or not. And also, even a lousy hacker can still read the randomish forceallow code from the page source and fake the url in this. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
