We should not give libraries the ability to compromise patron accounts;
it is considered a huge security issue and nobody in network security
would ever recommend allowing passwords to be transmitted in clear text
over email.

It should simply not be possible to send a patron's password in plain text
via email. As such, we should remove this ability from Koha.

Test Plan:
1) Apply this patch
2) Create a patron to generate the ACCTDETAILS email
3) Note you can no longer transmit the patron's password in the email

Signed-off-by: Amit Gupta <amitddng135@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
- "Your new Koha account details are:"
- ""
- "User: <<borrowers.userid>>"
- - "Password: <<borrowers.password>>"
- ""
- "If you have any problems or questions regarding your account, please contact your Koha Administrator."
- ""
+ - "If you do not have your account password, please contact your Koha Administrator."
+ - ""
- "Thank you,"
- "Koha Administrator"
- "kohaadmin@yoursite.org"
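Review bot: removing the "Password: <<borrowers.password>>" line here only changes the default ACCTDETAILS text, so the fix depends on which copy of the notice a site is actually using. Nothing in these lines touches a notice that a library has already saved or customised, and one that still contains <<borrowers.password>> would keep requesting that value. Consider pairing this with an update step or a release note that flags the placeholder in existing ACCTDETAILS notices. As a smaller wording point, the added sentence lands directly after the existing "If you have any problems or questions regarding your account, please contact your Koha Administrator." line, so the two could be merged into one sentence.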
add_guarantors( $patron, $input );
$borrowernumber = $patron->borrowernumber;
$newdata{'borrowernumber'} = $borrowernumber;
+ delete $newdata{password};
}
# If 'AutoEmailOpacUser' syspref is on, email user their account details from the 'notice' that matches the user's branchcode.
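Review bot: the added "delete $newdata{password};" sits inside the block that closes on the following line, so it only runs on the path that has just created the patron and called add_guarantors. The AutoEmailOpacUser code introduced by the trailing comment is outside that block; if any other path reaches it with $newdata{password} still set, the value remains available to the notice. Consider doing the delete immediately before the notice is built, or not handing the password to the notice code at all, and add a one-line comment saying the key is dropped so that it cannot be substituted into ACCTDETAILS.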