http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7383
--- Comment #9 from Chris Cormack <[email protected]> 2012-01-05 16:53:32 UTC --- (In reply to comment #8) > Chris and Owen, Does the current fix you are suggesting (requiring login to > e-mail cart) still allow a person who is not logged-in to search the catalog > and print/download the cart? If yes, does the clicking on the "Send" link > prompt the message, "You must be logged in to e-mail this cart"? The fix reverts the regression and puts it back how it was before in was accidentally changed. The other bug can then be used to change, on purpose. If I was you I would focus my energy on bug 4274, not this one. Bug 3651 puts the behaviour of the cart send, list send and opac-userudpate back as they were. It has been signed off, and should be pushed as soon as possible because currently, people could send an userupdate request without being logged in also. And yes it is only sending the cart, printing and downloading don't require logging in. But again, security is more important here, and bug 3651 should have its patch pushed and then people can work on how to do anonymous cart sending in a safe manner. -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
