https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36094
--- Comment #18 from David Cook <[email protected]> --- (In reply to Jonathan Druart from comment #17) > (In reply to David Cook from comment #16) > > All good. I worked it out in the end. > > > > See bug 36084. > > It's not secure. > > % curl > 'http://localhost:8081/cgi-bin/koha/svc/ > authentication?login_userid=koha&login_password=koha' > > <?xml version='1.0' standalone='yes'?> > <response> > <status>ok</status> > </response> Yeah, that's a problem with check_api_auth(), which I figured was outside the scope of this particular change. I suppose if it's a GET we might be able to delete the credentials out of the $query object before passing it to check_api_auth(). Without doing a lot of refactoring, I think we're probably going to be left with a hacky option like that. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
