[koha-commits] main Koha release repository branch 3.22.x updated. v3.22.05-38-g1c1d955
Git repo owner
gitmaster at git.koha-community.org
Fri Apr 8 07:37:44 CEST 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, 3.22.x has been updated
via 1c1d9558eb6df6f44e96d204e8e6683e3ae04491 (commit)
via 182838a54498b4a00a4077779458cf005f5ec444 (commit)
via 279732365eb07bf9f9929402aadd837c16f131b6 (commit)
from 8695bfbb6cf896227ff07ca5cbb6bd3a3de7d5fe (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1c1d9558eb6df6f44e96d204e8e6683e3ae04491
Author: Owen Leonard <oleonard at myacpl.org>
Date: Fri Mar 18 09:41:15 2016 -0400
Bug 15984 - Correct templates which use the phrase "issuing rules"
This patch corrects two places in the templates where the phrase
"issuing rules" is used instead of "circulation and fine rules."
To test, apply the patch and view the help pages for Administration ->
Circulation and fine rules; and Tools -> Automatic item modification by
age. Confirm that the term "circulation and fine rules" is used instead
of "issuing rules."
Signed-off-by: Marc Véron <veron at veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Signed-off-by: Brendan Gallagher brendan at bywatersolutions.com
(cherry picked from commit 98a9e30f040661e0a67a594f72abd8ab02cf9ad6)
Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
commit 182838a54498b4a00a4077779458cf005f5ec444
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Fri Feb 12 11:49:28 2016 +0000
Bug 14076: Do not use CGI->param in list context - opac-authorities-home.pl
See bug 15809 for more info on why we should not use CGI->param in list
context.
Note: I have not found any places where several values for the same
params are passed to this script but, just in case, this patch won't
change this ability.
Test plan:
Do an authority search at the OPAC
Test with several values of the form.
Confirm that the results are always the same before and after this
patch.
Signed-off-by: Mark Tompsett <mtompset at hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Signed-off-by: Brendan Gallagher brendan at bywatersolutions.com
(cherry picked from commit 3fa2b10150a9ea2db2897be1246cba3785c55e55)
Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
commit 279732365eb07bf9f9929402aadd837c16f131b6
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Fri Feb 12 11:32:02 2016 +0000
Bug 15809: Redefine multi_param is CGI < 4.08 is used
On debian Jessie, the CGI version is >= 4.08
Since this version, the param method raise a warning
"CGI::param called in list context".
Indeed, it can cause vulnerability if called in list context
https://metacpan.org/pod/CGI#Fetching-the-value-or-values-of-a-single-named-parameter
http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/
There is a long journey to get rid of these warnings.
First I suggest to redefine the multi_param method when the CGI version
installed is < 4.08, it will allow us to move the wrong ->param calls to
->multi_param without waiting for everybody to upgrade.
The different ways to call these 2 methods are:
my $foo = $cgi->param('foo'); # OK
my @foo = $cgi->param('foo'); # NOK, will raise the warning
my @foo = $cgi->multi_param('foo'); #OK
$template->param( foo => $cgi->param('foo') ); # NOK, will raise the warning
# and vulnerable
$template->param( foo => scalar $cgi->param('foo') ); # OK
Signed-off-by: Mark Tompsett <mtompset at hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Tested a call to multi_param with CGI < 4.08.
With reference to the comments on Bugzilla, this workaround is arguable,
but provides a base to move to multi_param. If we come up with a better
solution, it should be easy to adjust.
Signed-off-by: Brendan Gallagher brendan at bywatersolutions.com
(cherry picked from commit 94dde6b48d6e20a5260ea49f9b98ec884c2c25b5)
Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
-----------------------------------------------------------------------
Summary of changes:
C4/Context.pm | 9 +++++++++
.../intranet-tmpl/prog/en/modules/help/admin/smart-rules.tt | 2 +-
opac/opac-authorities-home.pl | 11 ++++++-----
3 files changed, 16 insertions(+), 6 deletions(-)
hooks/post-receive
--
main Koha release repository
More information about the koha-commits
mailing list