[Koha-bugs] [Bug 25672] Administrators should be able to restrict client-side plugin upload to trusted sources
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Oct 9 13:44:16 CEST 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25672
--- Comment #69 from Martin Renvoize <martin.renvoize at ptfs-europe.com> ---
Created attachment 156740
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=156740&action=edit
Bug 25672: Restore redirect on restricted upload
This patch restores the immediate redirect from plugins-upload should
uploads be restricted and an uploadlocation not be specified.
Amended test plan:
1) Apply the full patchset
2) Confirm <enable_plugins>1</enable_plugins> is present in koha-conf.xml
3) Add <plugins_restricted>1</plugins_restricted> to koha-conf.xml
4) Confirm that the <plugin_repos> block us not commented and contains at
least one trusted organisation in koha-conf.xml
5) Run restart_all (in koha-testing-docker)
6) Go to /cgi-bin/koha/plugins/plugins-home.pl and note that you don't see
an option to upload plugins
7) You should however see a search option and upon search you should have
results returned from the chosen trusted organisations listed in the
<plugin_repos> block mentioned above.
8) Clicking install on one of the results should work as expected and install
the plugin.
9) Go directly to /cgi-bin/koha/plugins/plugins-upload.pl and note that it says
"Plugin upload is restricted to only those plugins listed by your server
administrator" and gives instructions on how to enable unrestricted browser
upload.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list