[koha-commits] main Koha release repository branch 3.16.x updated. v3.16.05-2-g6921fae

Git repo owner gitmaster at git.koha-community.org
Thu Dec 11 11:33:38 CET 2014 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 3.16.x has been updated
       via  6921fae06efae0967f9adc133b2c4c59c06b435f (commit)
       via  b79058ac1505f4c13dad698bc137c15981f80717 (commit)
      from  a0d5a70de5d5f9f11f7e480afc22c8c3632fcd1b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6921fae06efae0967f9adc133b2c4c59c06b435f
Author: Mason James <mtj at kohaaloha.com>
Date:   Thu Dec 11 23:31:56 2014 +1300

    Increment version for 3.16.5 (001) release
    
    Signed-off-by: Mason James <mtj at kohaaloha.com>

commit b79058ac1505f4c13dad698bc137c15981f80717
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date:   Wed Dec 10 12:47:30 2014 +1300

    Bug 13425 - XSS in opac facets - Patch for 3.16
    
    To Test
    1/ Craft a url like /cgi-bin/koha/opac-search.pl?q=123&sort_by='"><script>prompt('Happy_Holidays')</script>&limit=123
    
    It is important it must return results and facets
    
    2/ Notice the js is executed
    3/ Apply the patch test again
    
    Test this one both in prog and bootstrap please
    
    Signed-off-by: Jared Camins-Esakov <jcamins at cpbibliography.com>
    Signed-off-by: Mason James <mtj at kohaaloha.com>

-----------------------------------------------------------------------

Summary of changes:
 installer/data/mysql/updatedatabase.pl                    |    7 +++++++
 koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-facets.inc |    4 ++--
 koha-tmpl/opac-tmpl/prog/en/includes/opac-facets.inc      |    2 +-
 kohaversion.pl                                            |    2 +-
 misc/release_notes/release_notes_3_16_5.txt               |    5 +++--
 5 files changed, 14 insertions(+), 6 deletions(-)


hooks/post-receive
-- 
main Koha release repository

More information about the koha-commits mailing list