Re: [Koha-devel] Interlibrary loans module

2017-03-15 Thread Alex Sassmannshausen
Hi Gaetan, Yes, for sure — I would be more than happy to present this at the hackfest! Alex Gaetan Boisson writes: > Hi Alex, > > Would you consider presenting this work at the hackfest? > > I'd be very interested! > > Cheers, > > > On 22/02/2017 at 07:52, Alex Sassmannshausen wrote: >> Hu

Re: [Koha-devel] How to see security fixes

2017-03-15 Thread Devinim Koha Development Team
Hi all, In opac-memberentry.pl the authnotrequired area is 1 by default; in that case, user information can be reached without giving user authentication, and this can lead to some vulnerabilities. Do we miss something? We were not able to understand why it is 1 by default. Thanks. On 14-03-20

Re: [Koha-devel] How to see security fixes

2017-03-15 Thread Jonathan Druart
Hi, authnotrequired is set to 1 because opac-memberentry.pl is also used by the self registration feature. The patron information displayed is based on the logged in user, not a parameter passed to the script. Everything looks ok to me. Regards, Jonathan On Wed, 15 Mar 2017 at 12:18 Devinim Koh

Re: [Koha-devel] How to see security fixes

2017-03-15 Thread Devinim Koha Development Team
Hi, In that case we can reach the user's detailed information without giving a password, by curl. If you want, we can share the code for how to get this information without authentication, from this list. On 15-03-2017 18:50, Jonathan Druart wrote: Hi, authnotrequired is set to 1 because opac-me

Re: [Koha-devel] How to see security fixes

2017-03-15 Thread Stefano Bargioni
Uh..., probably it is not so good to publish security issues on a public list. The official way is https://koha-community.org/security/ if I'm not wrong. sb > On 15 Mar 2017, at 16:57, Devinim Koha Development Team > wrote: > > Hi, > > In that case we can

Re: [Koha-devel] How to see security fixes

2017-03-15 Thread Devinim Koha Development Team
Hi, We have sent the code to Jonathan Druart as he wanted, and we can get all info without authorization even in 3.20.x, hence it should be fixed ASAP. Best regards, Devinim Koha Development Team On 15-03-2017 19:17, Stefano Bargioni wrote: Uh..., probably it is not so good to publish secur

Re: [Koha-devel] How to see security fixes

2017-03-15 Thread Devinim Koha Development Team
BTW, we have created this bug as #18275. We did not put the script for how to crawl the data on the bug. On 15-03-2017 19:27, Devinim Koha Development Team wrote: Hi, We have sent the code to Jonathan Druart as he wanted, and we can get all info without authorization even in 3.20.x, hence it