http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8515
Melia Meggs <me...@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #13236|0 |1 is obsolete| | --- Comment #6 from Melia Meggs <me...@bywatersolutions.com> --- Created attachment 13313 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=13313&action=edit [Signed off] Bug 8515 - OPAC password change does not obey OpacPasswordChange The OPAC change password template enforces the OpacPasswordChange preference by preventing the form from appearing. However, the script doesn't contain any check for OpacPasswordChange so it is vulnerable to someone submitting data to it by some other means. This patch adds a check for OpacPasswordChange to the script and revises the template logic in order to show the right warning in all circumstances. To test, turn off OpacPasswordChange and navigate manually to opac-passwd.pl. You should see a warning that you can't change your password. Turn on OpacPasswordChange load the change password page and save the page to your desktop. Turn off OpacPasswordChange and submit a password change via the saved page. Without the patch this would result in a password change. After the patch it should not. Signed-off-by: Melia Meggs <me...@test.bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/