[Koha-bugs] [Bug 18898] Some permissions for Reports can be bypassed
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18898

Mason James changed:

What|Removed|Added
CC||m...@kohaaloha.com

--- Comment #10 from Mason James ---
Pushed to 16.05.x, for 16.05.17 release

--
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 18898] Some permissions for Reports can be bypassed
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18898

Katrin Fischer changed:

What|Removed|Added
CC||katrin.fisc...@bsz-bw.de

--- Comment #9 from Katrin Fischer ---
This patch has been pushed to 16.11.x and will be in 16.11.12.
[Koha-bugs] [Bug 18898] Some permissions for Reports can be bypassed
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18898

Fridolin SOMERS changed:

What|Removed|Added
Status|Pushed to Master|Pushed to Stable
CC||fridolin.som...@biblibre.com

--- Comment #8 from Fridolin SOMERS ---
Pushed to 17.05.x, will be in 17.05.04.
[Koha-bugs] [Bug 18898] Some permissions for Reports can be bypassed
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18898

Jonathan Druart changed:

What|Removed|Added
Status|Passed QA|Pushed to Master

--- Comment #7 from Jonathan Druart ---
Pushed to master for 17.11, thanks to everybody involved!
[Koha-bugs] [Bug 18898] Some permissions for Reports can be bypassed
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18898

Nick Clemens changed:

What|Removed|Added
Status|Signed Off|Passed QA
[Koha-bugs] [Bug 18898] Some permissions for Reports can be bypassed
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18898

Nick Clemens changed:

What|Removed|Added
Attachment #65320 is obsolete|0|1

--- Comment #6 from Nick Clemens ---
Created attachment 65337
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=65337&action=edit
Bug 18898 - Some permissions for Reports can be bypassed

If you manually visit the following links when you only have permission
to run reports, you'll still be able to access the ability to create and
edit reports:

/cgi-bin/koha/reports/guided_reports.pl?phase=Create%20report%20from%20SQL
/cgi-bin/koha/reports/guided_reports.pl?phase=Edit%20SQL

This patch ties these 2 unaccounted for phases to the create_reports
permission.

With patch, issue no longer can be reproduced.

Signed-off-by: Marc Véron
Signed-off-by: Nick Clemens
[Koha-bugs] [Bug 18898] Some permissions for Reports can be bypassed
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18898

Marc Véron changed:

What|Removed|Added
Status|Needs Signoff|Signed Off
CC||ve...@veron.ch
Patch complexity|---|Trivial patch
[Koha-bugs] [Bug 18898] Some permissions for Reports can be bypassed
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18898

Marc Véron changed:

What|Removed|Added
Attachment #65292 is obsolete|0|1

--- Comment #5 from Marc Véron ---
Created attachment 65320
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=65320&action=edit
Bug 18898 - Some permissions for Reports can be bypassed

If you manually visit the following links when you only have permission
to run reports, you'll still be able to access the ability to create and
edit reports:

/cgi-bin/koha/reports/guided_reports.pl?phase=Create%20report%20from%20SQL
/cgi-bin/koha/reports/guided_reports.pl?phase=Edit%20SQL

This patch ties these 2 unaccounted for phases to the create_reports
permission.

With patch, issue no longer can be reproduced.

Signed-off-by: Marc Véron
[Koha-bugs] [Bug 18898] Some permissions for Reports can be bypassed
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18898

David Cook changed:

What|Removed|Added
Assignee|koha-b...@lists.koha-community.org|dc...@prosentient.com.au
[Koha-bugs] [Bug 18898] Some permissions for Reports can be bypassed
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18898

--- Comment #4 from David Cook ---
Created attachment 65292
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=65292&action=edit
Bug 18898 - Some permissions for Reports can be bypassed

If you manually visit the following links when you only have permission
to run reports, you'll still be able to access the ability to create and
edit reports:

/cgi-bin/koha/reports/guided_reports.pl?phase=Create%20report%20from%20SQL
/cgi-bin/koha/reports/guided_reports.pl?phase=Edit%20SQL

This patch ties these 2 unaccounted for phases to the create_reports
permission.
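
The kind of per-phase check the patch description above calls for, as an added example that is not Koha's code and not part of the original messages. The phase names 'Use saved' and 'Run this report', the execute_reports permission name, and the "before" function (a reconstruction of the general fall-through pattern, not the pre-patch source) are assumptions made for the illustration; the users are constructed sample data.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Phase => required sub-permission. The last two phases and create_reports
# come from the bug report; the other names are assumptions for the example.
my %PERMISSION_FOR_PHASE = (
    'Use saved'              => 'execute_reports',
    'Run this report'        => 'execute_reports',
    'Create report from SQL' => 'create_reports',
    'Edit SQL'               => 'create_reports',
);

# "Before" pattern (assumed): only some phases are mapped, and an unmapped
# phase falls back to "holds any reports permission at all".
sub is_authorized_before {
    my ($phase, $perms) = @_;
    my %mapped = ( 'Use saved'       => 'execute_reports',
                   'Run this report' => 'execute_reports' );
    my $needed = defined $phase ? $mapped{$phase} : undef;
    return $perms->{$needed} ? 1 : 0 if defined $needed;
    return scalar( keys %$perms ) ? 1 : 0;    # fallback: this is the gap
}

# Hardened: every phase must be mapped; unknown or missing phases are denied.
sub is_authorized {
    my ($phase, $perms) = @_;
    return 0 unless defined $phase;
    my $needed = $PERMISSION_FOR_PHASE{$phase};
    return 0 unless defined $needed;
    return $perms->{$needed} ? 1 : 0;
}

# Constructed users: one may only run reports, one may also create them.
my %users = (
    'run-only' => { execute_reports => 1 },
    'author'   => { execute_reports => 1, create_reports => 1 },
);

for my $who ( sort keys %users ) {
    for my $phase ( 'Run this report', 'Edit SQL',
                    'Create report from SQL', 'No such phase' ) {
        printf "%-8s %-24s before=%-5s after=%s\n", $who, $phase,
            ( is_authorized_before( $phase, $users{$who} ) ? 'allow' : 'deny' ),
            ( is_authorized( $phase, $users{$who} )        ? 'allow' : 'deny' );
    }
}
```

For the run-only user the two phases named in the report change from allow to deny, and a phase missing from the table is denied for everyone instead of inheriting the script-level permission.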
[Koha-bugs] [Bug 18898] Some permissions for Reports can be bypassed
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18898

David Cook changed:

What|Removed|Added
Status|NEW|Needs Signoff
[Koha-bugs] [Bug 18898] Some permissions for Reports can be bypassed
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18898

--- Comment #3 from David Cook ---
Also reproduced it. Let's see if I can fix this quickly...
[Koha-bugs] [Bug 18898] Some permissions for Reports can be bypassed
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18898

David Cook changed:

What|Removed|Added
CC||dc...@prosentient.com.au

--- Comment #2 from David Cook ---
Doesn't surprise me. There are many parts of Koha where the permission
restricts viewing a link or a button, but doesn't apply to the actual web page
itself :/.
[Koha-bugs] [Bug 18898] Some permissions for Reports can be bypassed
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18898

Josef Moravec changed:

What|Removed|Added
Version|16.11|master
[Koha-bugs] [Bug 18898] Some permissions for Reports can be bypassed
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18898

Josef Moravec changed:

What|Removed|Added
CC||josef.mora...@gmail.com
Severity|normal|major

--- Comment #1 from Josef Moravec ---
I could confirm that on master too, raising importance...