https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24879
--- Comment #35 from Marcel de Rooy <[email protected]> --- Reverting this bug for value_builder scripts would resolve the issues on 37041. Surely we should not be able to hit those value builder scripts from outside, so blocking them in Apache would be sufficient. Note that the whole design of these framework plugins dates from long ago and involves running files with perl do($file) in Koha/FrameworkPlugin. Note btw that this module did not introduce that pattern, but just moved it. Refactoring that would be nice but much more effort. The additional new CGI added in this patch would be fine for the auth_status check on a direct hit but creates new issues when logging in onto addbiblio or additem. The wrong session id is checked etc. Since simply blocking them makes the new cookie_auth checks unneeded, I would suggest to revert? -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
