VuFind
  1. VuFind
  2. VUFIND-1143

Logged in users can manipulate other users' saved searches

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.5.1
    • Fix Version/s: 2.5.2
    • Component/s: MyResearch
    • Labels:
      None

      Description

      A logged in user can save or unsave another user's searches by manipulating ID numbers in URLs. This has been fixed by these commits:

      https://github.com/vufind-org/vufind/commit/a1643a5ce691cdbf9b42259169755c9f96ffec36

      https://github.com/vufind-org/vufind/commit/30f7f9b3b6e28eae5c9cd3da3379d7bf564483fe

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            Unassigned
            Reporter:
            Demian Katz
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: