[VUFIND-1143] Logged in users can manipulate other users' saved searches Created: 03/Feb/16  Updated: 03/Feb/16  Resolved: 03/Feb/16

Status: Resolved
Project: VuFind®
Components: MyResearch
Affects versions: 2.5.1
Fix versions: 2.5.2

Type: Bug Priority: Major
Reporter: Demian Katz Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified


 Description   
A logged in user can save or unsave another user's searches by manipulating ID numbers in URLs. This has been fixed by these commits:

https://github.com/vufind-org/vufind/commit/a1643a5ce691cdbf9b42259169755c9f96ffec36

https://github.com/vufind-org/vufind/commit/30f7f9b3b6e28eae5c9cd3da3379d7bf564483fe
Generated at Thu Mar 28 14:50:30 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100248-rev:e207e3a88e19bebfd0fd5834088a20d22d89a0a2.