[koha-commits] main Koha release repository branch master updated. v3.14.00-alpha1-30-g58d469e
Git repo owner
gitmaster at git.koha-community.org
Mon Oct 21 19:50:51 CEST 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, master has been updated
via 58d469ed4d6891cddf6a5ef35d21caa553dfb8ae (commit)
via 7b165794cd1875b79177f85db59be42a9708554a (commit)
from 432f5ad400c6679186b27a00b61a3ad72ddda313 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 58d469ed4d6891cddf6a5ef35d21caa553dfb8ae
Author: Galen Charlton <gmc at esilibrary.com>
Date: Sun Oct 20 20:55:06 2013 +0000
bug 10016: munge history in SCO to discourage resubmitting user login
This patch uses history.replaceState (introduced in HTML5) to manipulate
the browser history to encourage returning to the SCO patron barcode
form if the back button is used.
Note that a side effect of this patch is that if the user uses
the help link, they will be prompted to enter their barcode
again. It may be better to put the help inline with the rest
of the SCO forms.
To test:
[1] Start a web-based self-check session.
[2] Enter a patron barcode.
[3] Allow the self-check session to time out.
[4] Use the back button. You should get the patron barcode
entry form; you should not be prompted to resubmit form input.
[5] Enter a patron barcode, perform some transactions, then
use the finish button.
[6] Next, use the back button. You should get the patron barcode
entry form.
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
Signed-off-by: Ed Veal <ed.veal at bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
commit 7b165794cd1875b79177f85db59be42a9708554a
Author: Galen Charlton <gmc at esilibrary.com>
Date: Sun Oct 20 17:13:22 2013 +0000
Bug 10016: force zero browser-side caching of SCO pages
This patch makes the web-based self-check module pages
specify that no browser (or proxy caching) occur at all.
This prevents a security issue where letting the SCO session time out,
then hitting the back button allowed one to view the previous
patron's session.
This patch adds an optional fifth parameter to output_with_http_headers(),
and output_html_with_http_headers(), a hashref for miscellaneous
options. One key is defined at the moment: force_no_caching, which if
if present and set to a true value, sets HTTP headers to specify no
browser caching of the page at all.
To test:
[1] Start a web-based self-check session and optionally perform
some transactions.
[2] Allow the session to time out (it may be helpful to set
SelfCheckTimeout to a low value such as 10 seconds).
[3] Hit the back button. You should not see the previous patron's
self-check session.
[4] Verify that prove -v t/Output.t passes.
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
Signed-off-by: Ed Veal <ed.veal at bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-----------------------------------------------------------------------
Summary of changes:
C4/Output.pm | 20 +++++++++++++-----
.../opac-tmpl/bootstrap/en/modules/sco/sco-main.tt | 16 +++++++++++---
.../opac-tmpl/prog/en/modules/sco/sco-main.tt | 14 +++++++++++--
opac/sco/sco-main.pl | 2 +-
t/Output.t | 22 +++++++++++++++++++-
5 files changed, 62 insertions(+), 12 deletions(-)
hooks/post-receive
--
main Koha release repository
More information about the koha-commits
mailing list