[koha-commits] main Koha release repository branch 3.22.x updated. v3.22.05-38-g1c1d955

Git repo owner gitmaster at git.koha-community.org
Fri Apr 8 07:37:44 CEST 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 3.22.x has been updated
       via  1c1d9558eb6df6f44e96d204e8e6683e3ae04491 (commit)
       via  182838a54498b4a00a4077779458cf005f5ec444 (commit)
       via  279732365eb07bf9f9929402aadd837c16f131b6 (commit)
      from  8695bfbb6cf896227ff07ca5cbb6bd3a3de7d5fe (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1c1d9558eb6df6f44e96d204e8e6683e3ae04491
Author: Owen Leonard <oleonard at myacpl.org>
Date:   Fri Mar 18 09:41:15 2016 -0400

    Bug 15984 - Correct templates which use the phrase "issuing rules"
    
    This patch corrects two places in the templates where the phrase
    "issuing rules" is used instead of "circulation and fine rules."
    
    To test, apply the patch and view the help pages for Administration ->
    Circulation and fine rules; and Tools -> Automatic item modification by
    age. Confirm that the term "circulation and fine rules" is used instead
    of "issuing rules."
    
    Signed-off-by: Marc Véron <veron at veron.ch>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
    
    Signed-off-by: Brendan Gallagher brendan at bywatersolutions.com
    (cherry picked from commit 98a9e30f040661e0a67a594f72abd8ab02cf9ad6)
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>

commit 182838a54498b4a00a4077779458cf005f5ec444
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Fri Feb 12 11:49:28 2016 +0000

    Bug 14076: Do not use CGI->param in list context - opac-authorities-home.pl
    
    See bug 15809 for more info on why we should not use CGI->param in list
    context.
    
    Note: I have not found any places where several values for the same
    params are passed to this script but, just in case, this patch won't
    change this ability.
    
    Test plan:
    Do an authority search at the OPAC
    Test with several values of the form.
    Confirm that the results are always the same before and after this
    patch.
    
    Signed-off-by: Mark Tompsett <mtompset at hotmail.com>
    Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
    
    Signed-off-by: Brendan Gallagher brendan at bywatersolutions.com
    (cherry picked from commit 3fa2b10150a9ea2db2897be1246cba3785c55e55)
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>

commit 279732365eb07bf9f9929402aadd837c16f131b6
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Fri Feb 12 11:32:02 2016 +0000

    Bug 15809: Redefine multi_param if CGI < 4.08 is used
    
    On debian Jessie, the CGI version is >= 4.08.
    Since this version, the param method raises a warning
    "CGI::param called in list context".
    Indeed, it can cause a vulnerability if called in list context.
    
    https://metacpan.org/pod/CGI#Fetching-the-value-or-values-of-a-single-named-parameter
    http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/
    
    There is a long journey to get rid of these warnings.
    First I suggest to redefine the multi_param method when the CGI version
     installed is < 4.08, it will allow us to move the wrong ->param calls to
     ->multi_param without waiting for everybody to upgrade.
    
    The different ways to call these 2 methods are:
    
    my $foo = $cgi->param('foo'); # OK
    
    my @foo = $cgi->param('foo'); # NOK, will raise the warning
    my @foo = $cgi->multi_param('foo'); #OK
    
    $template->param( foo => $cgi->param('foo') ); # NOK, will raise the warning
                                                   # and vulnerable
    $template->param( foo => scalar $cgi->param('foo') ); # OK
    
    Signed-off-by: Mark Tompsett <mtompset at hotmail.com>
    
    Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
    Tested a call to multi_param with CGI < 4.08.
    With reference to the comments on Bugzilla, this workaround is arguable,
    but provides a base to move to multi_param. If we come up with a better
    solution, it should be easy to adjust.
    
    Signed-off-by: Brendan Gallagher brendan at bywatersolutions.com
    (cherry picked from commit 94dde6b48d6e20a5260ea49f9b98ec884c2c25b5)
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>

-----------------------------------------------------------------------

Summary of changes:
 C4/Context.pm                                               |    9 +++++++++
 .../intranet-tmpl/prog/en/modules/help/admin/smart-rules.tt |    2 +-
 opac/opac-authorities-home.pl                               |   11 ++++++-----
 3 files changed, 16 insertions(+), 6 deletions(-)


hooks/post-receive
-- 
main Koha release repository
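
The list-context behaviour described in the Bug 15809 commit message, as an added example (not part of the original email and not Koha's code). It assumes CGI.pm is installed; the query string, the template_vars helper and the multi_param fallback are constructed for illustration, and the fallback is not the code committed to C4/Context.pm.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

# Illustrative fallback for CGI < 4.08, where multi_param does not exist.
unless ( CGI->can('multi_param') ) {
    no warnings 'once';
    *CGI::multi_param = sub { my $self = shift; return $self->param(@_) };
}

# Hypothetical stand-in for a template object that takes name => value
# pairs, in the way $template->param( foo => ... ) is called in the commit.
sub template_vars {
    my %vars = @_;
    return \%vars;
}

# Print a hash as sorted key=value pairs so the two results can be compared.
sub show {
    my ( $label, $vars ) = @_;
    printf "%-7s %s\n", $label,
        join( ', ', map { "$_=$vars->{$_}" } sort keys %$vars );
}

# Constructed request: the same parameter name is sent three times.
my $cgi = CGI->new('foo=bar&foo=is_admin&foo=1');

# List context: param() returns all three values, so the argument list
# becomes ( foo => 'bar', 'is_admin', 1 ) and an extra key appears.
# With CGI >= 4.08 this call also emits the warning quoted in the commit.
my $unsafe = template_vars( foo => $cgi->param('foo') );

# Scalar context: exactly one value, so no extra key can be introduced.
my $safe = template_vars( foo => scalar $cgi->param('foo') );

# When several values are really wanted, ask for them explicitly and
# handle them as a list rather than splicing them into named arguments.
my @all = $cgi->multi_param('foo');

show( 'unsafe:', $unsafe );
show( 'safe:',   $safe );
print "multi:  @all\n";
```

A quick audit aid for a code base being migrated is to run it under CGI >= 4.08 and collect the "CGI::param called in list context" warnings from the web server error log, since each one names the file and line of a call that still needs `scalar` or `multi_param`.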

