http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15050
Bug ID: 15050
Summary: Nonpublic note searchable from OPAC
Change sponsored?: ---
Product: Koha
Version: 3.20
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5 - low
Component: Cataloging
Assignee: gmcha...@gmail.com
Reporter: mi...@abunchofthings.net
QA Contact: testo...@bugs.koha-community.org
CC: m.de.r...@rijksmuseum.nl
Text in the Nonpublic note can be found via OPAC. The text is not displayed,
but if you know what you are looking for, you still get the information. Found
in 3.20, I assume it is still valid in master. Bug 13023 does not fix it.
To reproduce, put something unique in an item's nonpublic note. Re-index.
Search from the OPAC -> you will find the title your item belongs to. Delete
the nonpublic note and reindex, you can't find it anymore.
Don't know if this qualifies as a security risk.
--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
