[koha-commits] main Koha release repository branch 3.8.x updated. v3.08.08-9-g702736d

Git repo owner gitmaster at git.koha-community.org
Sat Jan 12 20:02:30 CET 2013


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 3.8.x has been updated
       via  702736d9da0f62a37b20b01491745c7f6da9bbf1 (commit)
      from  8a2c11620d29b5f187d2e1fe343dc9343de4a3da (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 702736d9da0f62a37b20b01491745c7f6da9bbf1
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date:   Sun Nov 18 20:01:37 2012 +1300

    Bug 9102 : Set HttpOnly on the CGISESSID cookie
    
    https://www.owasp.org/index.php/HttpOnly
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
    
    To test, use curl
    
    Before the patch
    
    % curl -I http://192.168.2.135
    HTTP/1.1 200 OK
    Date: Sun, 18 Nov 2012 06:56:49 GMT
    Server: Apache/2.2.22 (Ubuntu)
    Pragma: no-cache
    Cache-control: no-cache
    Content-script-type: text/javascript
    Content-style-type: text/css
    Set-Cookie: CGISESSID=19689f6e7d8ec94c25269fecebf2f009; path=/
    Vary: Accept-Encoding
    Content-Type: text/html; charset=UTF-8
    
    After patch
    
    % curl -I http://192.168.2.135
    HTTP/1.1 200 OK
    Date: Sun, 18 Nov 2012 07:01:04 GMT
    Server: Apache/2.2.22 (Ubuntu)
    Pragma: no-cache
    Cache-control: no-cache
    Content-script-type: text/javascript
    Content-style-type: text/css
    Set-Cookie: CGISESSID=da25baf03c0bc1e2c512a627028e43e6; path=/; HttpOnly
    Vary: Accept-Encoding
    Content-Type: text/html; charset=UTF-8
    Signed-off-by: Jared Camins-Esakov <jcamins at cpbibliography.com>
    
    Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz>

-----------------------------------------------------------------------

Summary of changes:
 C4/Auth.pm |   32 +++++++++++++++++++++++---------
 1 files changed, 23 insertions(+), 9 deletions(-)


hooks/post-receive
-- 
main Koha release repository
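
The before/after curl test from the commit message can be scripted. The following is an added example, not part of the commit or of Koha: it parses the Set-Cookie attributes rather than grepping for the substring, so a cookie whose value merely contains "httponly" does not pass. The function name, the check helper and the third sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Koha code). Reads raw response headers on stdin, e.g.
#   curl -sI http://HOST/ | cookie_httponly CGISESSID
# Exit status: 0 = every Set-Cookie for NAME carries HttpOnly,
#              1 = at least one does not, 2 = NAME is not set at all.
cookie_httponly() {
    awk -v name="$1" '
        BEGIN { found = 0; ok = 1 }
        {
            sub(/\r$/, "")                       # header lines end in CRLF
            if (tolower($0) !~ /^set-cookie:/) next
            line = $0
            sub(/^[^:]*:[ \t]*/, "", line)       # strip the header name
            n = split(line, part, ";")
            pair = part[1]                       # "name=value"
            eq = index(pair, "=")
            if (eq == 0 || substr(pair, 1, eq - 1) != name) next
            found = 1
            flag = 0
            for (i = 2; i <= n; i++) {           # attributes only, not the value
                attr = part[i]
                gsub(/^[ \t]+|[ \t]+$/, "", attr)
                if (tolower(attr) == "httponly") flag = 1
            }
            if (!flag) ok = 0
        }
        END { if (!found) exit 2; exit (ok ? 0 : 1) }
    '
}

# Set-Cookie lines from the two curl runs in the commit message, plus one
# constructed line whose *value* contains the word "httponly".
BEFORE='Set-Cookie: CGISESSID=19689f6e7d8ec94c25269fecebf2f009; path=/'
AFTER='Set-Cookie: CGISESSID=da25baf03c0bc1e2c512a627028e43e6; path=/; HttpOnly'
TRICKY='set-cookie: CGISESSID=httponly; path=/'

check() {   # check LABEL HEADER-LINE -> prints the verdict, returns the status
    rc=0
    printf 'HTTP/1.1 200 OK\r\n%s\r\n\r\n' "$2" | cookie_httponly CGISESSID || rc=$?
    echo "$1: status $rc"
    return "$rc"
}

check before "$BEFORE" || true
check after  "$AFTER"  || true
check tricky "$TRICKY" || true
```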

