https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27358
Martin Renvoize <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Needs Signoff               |Signed Off

--- Comment #16 from Martin Renvoize <[email protected]> ---
This works well and I like it.. signing off..

However, I have one security/qa comment... I think it would be best to reverse the logic here..

Instead of the `BlockList` approach we have with `api_privileged_attrs`, I think we should instead implement an `AllowList` to 'fail safe' if someone forgets to add a field to the list: `api_public_atts` perhaps?
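An added illustration of the fail-safe point raised in comment #16, not code from Koha or from the patch on this bug. The record, its field names and the three helper subs are hypothetical; only the list names `api_privileged_attrs` and `api_public_atts` are taken from the comment. It shows what each approach exposes when a field is added and nobody updates the list.

```perl
use strict;
use warnings;

# Constructed sample record; every field name is hypothetical.
# 'internal_note' stands for a column added later that nobody classified.
my %record = (
    id            => 42,
    title         => 'Example title',
    staff_comment => 'visible to staff only',
    internal_note => 'added in a later schema change',
);

my @api_privileged_attrs = qw(staff_comment);    # blocklist: fields to hide
my @api_public_atts      = qw(id title);         # allowlist: fields to show

# Blocklist filter: drop what is listed, expose everything else.
sub public_view_blocklist {
    my ( $rec, $blocked ) = @_;
    my %view = %$rec;
    delete @view{@$blocked};
    return \%view;
}

# Allowlist filter: expose what is listed, drop everything else.
sub public_view_allowlist {
    my ( $rec, $allowed ) = @_;
    my %view;
    for my $field (@$allowed) {
        $view{$field} = $rec->{$field} if exists $rec->{$field};
    }
    return \%view;
}

# Fields that no list mentions: their exposure is decided by the
# filter's default, not by a reviewer.
sub unclassified_fields {
    my ( $rec, @lists ) = @_;
    my %known   = map { $_ => 1 } map { @$_ } @lists;
    my @unknown = grep { !$known{$_} } keys %$rec;
    return sort @unknown;
}

my $blocked_view = public_view_blocklist( \%record, \@api_privileged_attrs );
my $allowed_view = public_view_allowlist( \%record, \@api_public_atts );
my @unclassified = unclassified_fields( \%record, \@api_privileged_attrs, \@api_public_atts );

print "blocklist exposes: ", join( ', ', sort keys %$blocked_view ), "\n";
print "allowlist exposes: ", join( ', ', sort keys %$allowed_view ), "\n";
print "unclassified:      ", join( ', ', @unclassified ), "\n";
```

A check like `unclassified_fields` can run in a unit test so that a new field fails the build until someone places it in one of the lists.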
