Security update.

qcovery · Feb 23, 2024 · d371e1e · d371e1e
1 parent fb5b878
commit d371e1e
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/local/config/vufind/config.ini b/local/config/vufind/config.ini
@@ -13,7 +13,7 @@ available       = true
 ; setting in permissions.ini to turn on debug using a GET parameter in the request.
 debug           = false
 ; This setting should be set to false after auto-configuration is complete
-autoConfigure = true
+autoConfigure = false
 ; This setting specifies a health check file location. If a health check file exists,
 ; the getServerStatus AJAX call will return an error regardless of actual status
 ; allowing the server to be disabled from a load-balancer.

diff --git a/module/VuFind/src/VuFind/Controller/CoverController.php b/module/VuFind/src/VuFind/Controller/CoverController.php
@@ -124,6 +124,8 @@ public function showAction()
     {
         $this->sessionSettings->disableWrite(); // avoid session write timing bug
 
+        /*
+        Removed code due to security warning on 20.02.2024
         // Special case: proxy a full URL:
         $url = $this->params()->fromQuery('proxy');
         if (!empty($url)) {
@@ -138,6 +140,7 @@ public function showAction()
                 // to display an image unavailable graphic.
             }
         }
+        */
 
         // Default case -- use image loader:
         $this->loader->loadImage($this->getImageParams());