https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40943
--- Comment #7 from Marcel de Rooy <[email protected]> --- One potential/theoretical concern could be leaking userenv to a template, logfile, cache, etc where it somehow could be exploited to get the session id or leak it into the http body. While scrolling thru userenv occurrences in the codebase, I dont see any reason for an actual concern about that. Obviously, we should (somehow) not allow that in the future too ;) -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
