Thanks, Jason and Mike! This is a very good catch. I was able to confirm this on enhanced concerto:
1. Enable the password reset action trigger
2. Adding an email address to a patron in the staff client
3. Requesting a password reset for them in the OPAC
4. As opensrf: action_trigger_runner.pl --run-pending
5. As an unauthenticated user, creating a basket in the OPAC and printing it
6. Closing the print dialog and changing the ID in the URL
7. Using the provided password reset URL to change the patron's password
The patch didn't work for me out of the box, I got Internal Server errors even when trying to view bib list output, and perl -c said:
Global symbol "$self" requires explicit package name (did you forget to declare "my $self"?) at /home/opensrf/repos/Evergreen/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Record.pm line 729.
/home/opensrf/repos/Evergreen/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Record.pm had compilation errors.
I pushed my signoff, along with a lil follow up commit to make it compile to security/collab/sandbergja/lp2070078_plug_print_leak. I also took the opportunity to add the LP number and a release note to the original commit. Definitely feel free to amend if my follow-up is not what you had in mind, or if the release note is not to your liking.
Thanks, Jason and Mike! This is a very good catch. I was able to confirm this on enhanced concerto: trigger_ runner. pl --run-pending
1. Enable the password reset action trigger
2. Adding an email address to a patron in the staff client
3. Requesting a password reset for them in the OPAC
4. As opensrf: action_
5. As an unauthenticated user, creating a basket in the OPAC and printing it
6. Closing the print dialog and changing the ID in the URL
7. Using the provided password reset URL to change the patron's password
The patch didn't work for me out of the box, I got Internal Server errors even when trying to view bib list output, and perl -c said:
Global symbol "$self" requires explicit package name (did you forget to declare "my $self"?) at /home/opensrf/ repos/Evergreen /Open-ILS/ src/perlmods/ lib/OpenILS/ WWW/EGCatLoader /Record. pm line 729. repos/Evergreen /Open-ILS/ src/perlmods/ lib/OpenILS/ WWW/EGCatLoader /Record. pm had compilation errors.
/home/opensrf/
I pushed my signoff, along with a lil follow up commit to make it compile to security/ collab/ sandbergja/ lp2070078_ plug_print_ leak. I also took the opportunity to add the LP number and a release note to the original commit. Definitely feel free to amend if my follow-up is not what you had in mind, or if the release note is not to your liking.
Have a good weekend!