[Bug 36799] New: Illegitimate modification of MARC authid field content (001)
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36799 Bug ID: 36799 Summary: Illegitimate modification of MARC authid field content (001) Change sponsored?: --- Product: Koha Version: unspecified Hardware: All OS: All Status: NEW Severity: minor Priority: P5 - low Component: MARC Authority data support Assignee: januszop@gmail.com Reporter: januszop@gmail.com QA Contact: testopia@bugs.koha-community.org It happens that librarians to save time open an authority editor by putting in the URL, by hand, the authid prefixed, by mistake, with a blank (e.g. .../authorities.pl?authid= 100 -- mind the space before 100). In such a case the editor opens with the right auth record (i.e. 100) but, after saving the record, the content of the authid MARC field (001 for a standard MARC 21 installation) results modified and contains additional initial blanks. Moreover, if the heading (1XX field) was modified in the authority record during such an edit, the changes will not propagate to the linked bibliographic records. And won't in the future. This is because in the authorities.pl script $authid is taken (and continuously used) directly from CGI parameter, without any validation and/or correction (line 540 in the current main branch). -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36799 Janusz Kaczmarek <januszop@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36799 --- Comment #1 from Janusz Kaczmarek <januszop@gmail.com> --- Created attachment 166245 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=166245&action=edit Bug 36799: Illegitimate modification of MARC authid field content (001) It happens that librarians to save time open an authority editor by putting in the URL, by hand, the authid prefixed, by mistake, with a blank (e.g. .../authorities.pl?authid= 100 -- mind the space before 100). In such a case the editor opens with the right auth record (i.e. 100) but, after saving the record, the content of the authid MARC field (001 for a standard MARC 21 installation) results modified and contains additional initial blanks. Moreover, if the heading (1XX field) was modified in the authority record during such an edit, the changes will not propagate to the linked bibliographic records. And won't in the future. This is because in the authorities.pl script $authid is taken (and continuously used) directly from CGI parameter, without any validation and/or correction (line 540 in the current main branch). Test plan: ========== 1. Open an auth record in the editor with an added space before authid value, e.g.: http://ktd:8081/cgi-bin/koha/authorities/detail.pl?authid= 100 Modify the heading field -- in the ktd data set: 150 Computerized typesetting Save the record. 2. a) Open the record for editing again--see the space added before the authid in field 001. Close the editor (with Cancel). b) Try to go to the linked biblio records with Used in X records. Note no results, if using ES. c) Remove the space before authid (after an:) in the URL. Go to the linked biblio records. See that the content of the field controlled by the modified auth record did not update. 3. Apply the patch; restart_all. 4. Repeat p. 1 and 2 with a different authid. Everything should be OK now. Sponsored-by: Ignatianum University in Cracow -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36799 Janusz Kaczmarek <januszop@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Change sponsored?|--- |Sponsored -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36799 Roman Dolny <roman.dolny@jezuici.pl> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36799 Roman Dolny <roman.dolny@jezuici.pl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #166245|0 |1 is obsolete| | --- Comment #2 from Roman Dolny <roman.dolny@jezuici.pl> --- Created attachment 166315 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=166315&action=edit Bug 36799: Illegitimate modification of MARC authid field content (001) It happens that librarians to save time open an authority editor by putting in the URL, by hand, the authid prefixed, by mistake, with a blank (e.g. .../authorities.pl?authid= 100 -- mind the space before 100). In such a case the editor opens with the right auth record (i.e. 100) but, after saving the record, the content of the authid MARC field (001 for a standard MARC 21 installation) results modified and contains additional initial blanks. Moreover, if the heading (1XX field) was modified in the authority record during such an edit, the changes will not propagate to the linked bibliographic records. And won't in the future. This is because in the authorities.pl script $authid is taken (and continuously used) directly from CGI parameter, without any validation and/or correction (line 540 in the current main branch). Test plan: ========== 1. Open an auth record in the editor with an added space before authid value, e.g.: http://ktd:8081/cgi-bin/koha/authorities/detail.pl?authid= 100 Modify the heading field -- in the ktd data set: 150 Computerized typesetting Save the record. 2. a) Open the record for editing again--see the space added before the authid in field 001. Close the editor (with Cancel). b) Try to go to the linked biblio records with Used in X records. Note no results, if using ES. c) Remove the space before authid (after an:) in the URL. Go to the linked biblio records. See that the content of the field controlled by the modified auth record did not update. 3. Apply the patch; restart_all. 4. Repeat p. 1 and 2 with a different authid. Everything should be OK now. Sponsored-by: Ignatianum University in Cracow Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36799 Nick Clemens (kidclamp) <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36799 Nick Clemens (kidclamp) <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #166315|0 |1 is obsolete| | --- Comment #3 from Nick Clemens (kidclamp) <nick@bywatersolutions.com> --- Created attachment 166572 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=166572&action=edit Bug 36799: Illegitimate modification of MARC authid field content (001) It happens that librarians to save time open an authority editor by putting in the URL, by hand, the authid prefixed, by mistake, with a blank (e.g. .../authorities.pl?authid= 100 -- mind the space before 100). In such a case the editor opens with the right auth record (i.e. 100) but, after saving the record, the content of the authid MARC field (001 for a standard MARC 21 installation) results modified and contains additional initial blanks. Moreover, if the heading (1XX field) was modified in the authority record during such an edit, the changes will not propagate to the linked bibliographic records. And won't in the future. This is because in the authorities.pl script $authid is taken (and continuously used) directly from CGI parameter, without any validation and/or correction (line 540 in the current main branch). Test plan: ========== 1. Open an auth record in the editor with an added space before authid value, e.g.: http://ktd:8081/cgi-bin/koha/authorities/detail.pl?authid= 100 Modify the heading field -- in the ktd data set: 150 Computerized typesetting Save the record. 2. a) Open the record for editing again--see the space added before the authid in field 001. Close the editor (with Cancel). b) Try to go to the linked biblio records with Used in X records. Note no results, if using ES. c) Remove the space before authid (after an:) in the URL. Go to the linked biblio records. See that the content of the field controlled by the modified auth record did not update. 3. Apply the patch; restart_all. 4. Repeat p. 1 and 2 with a different authid. Everything should be OK now. Sponsored-by: Ignatianum University in Cracow Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36799 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |rel_24_05_candidate Status|Passed QA |Failed QA CC| |m.de.rooy@rijksmuseum.nl --- Comment #4 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- As we have an expert for authorities/001 with Marcel, could you give your opinion? Is 001 being something other than numeric really impossible today? -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36799 --- Comment #5 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Also somewhat blocked from doing tests here by Bug 36832 :( -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36799 --- Comment #6 from Janusz Kaczmarek <januszop@gmail.com> --- (In reply to Katrin Fischer from comment #4)
As we have an expert for authorities/001 with Marcel, could you give your opinion? Is 001 being something other than numeric really impossible today?
Well, in fact, we are not talking here specifically about 001 which--in general--can contain anything. We are talking about Koha authid stored--in standard Koha setup--in 001. And Koha auth_header.authid is BIGINT UNSIGNED [20] (cf. https://schema.koha-community.org/main/tables/auth_header.html). Theoretically, one could store authid in a different place--the patch does nothing with 001, it does with authid. Could you consider changing the status, please ;) -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36799 --- Comment #7 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Not pushing anything more today - but as a bug fix we still got time for this. Also no string changes. Let me come back to this Monday. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36799 Nick Clemens (kidclamp) <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=36794 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36799 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Failed QA |Passed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36799 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Pushed to main Version(s)| |24.05.00 released in| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36799 --- Comment #8 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Pushed for 24.05! Well done everyone, thank you! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36799 Fridolin Somers <fridolin.somers@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fridolin.somers@biblibre.co | |m Version(s)|24.05.00 |24.05.00,23.11.06 released in| | Status|Pushed to main |Pushed to stable --- Comment #9 from Fridolin Somers <fridolin.somers@biblibre.com> --- Pushed to 23.11.x for 23.11.06 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36799 Lucas Gass <lucas@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lucas@bywatersolutions.com Status|Pushed to stable |Pushed to oldstable Version(s)|24.05.00,23.11.06 |24.05.00,23.11.06,23.05.12 released in| | --- Comment #10 from Lucas Gass <lucas@bywatersolutions.com> --- Backported to 23.05.x for upcoming 23.05.12 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36799 Lucas Gass <lucas@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|rel_24_05_candidate | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36799 Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to oldstable |RESOLVED CC| |wainuiwitikapark@catalyst.n | |et.nz Resolution|--- |FIXED --- Comment #11 from Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz> --- Not backporting to 22.11 -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org