[Koha-bugs] [Bug 25672] Administrators should be able to restrict client-side plugin upload to trusted sources

[bugzilla-daemon at bugs.koha-community.org]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25672

Victor Grousset/tuxayo <victor at tuxayo.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |victor at tuxayo.net
             Status|Signed Off                  |Failed QA

--- Comment #61 from Victor Grousset/tuxayo <victor at tuxayo.net> ---
Test plan outdated. It still mentions enable_plugin_browser_upload.

<enable_plugin_browser_upload>0</enable_plugin_browser_upload>
↓↓↓
<plugins_restricted>1</plugins_restricted>

----

> 6) Go to /cgi-bin/koha/plugins/plugins-upload.pl and note that it says
> "Plugin browser upload disabled!" and gives instructions on how to enable
> browser upload

Outdated. The form is here, but upon uploading the kitchen sink plugin I get
«Cannot install plugin from unknown source whilst plugins_restricted is
enabled.»

Beside the divergence with the test plan (so test plan needs to be aligned with
current expectations), the form shouldn't be accessible (even via direct URL),
right? Like it was in earlier iterations of this ticket IIUC. (then test plan
is correct (needs a proofread of the rest, still))

----

> 9) Enable Koha plugin git repos and search for "coverflow"
> 10) Note that you can find the plugin but you cannot install it

Turns out I can! 

> 11) Change enable_plugin_browser_upload back to 1 and "restart_all"
> 12) Note that you can not upload plugins, uninstall plugins, and install
plugins from Git repos

"not" => "now" ? Seem like a typo?

----

- Rebased patches (thanks to applying on an old main/master commit to
circumvent the "sha1 information is lacking or useless" error)
- added tidy follow-up

-- 
You are receiving this mail because:
You are watching all bug changes.