[koha-commits] main Koha release repository branch 3.10.x updated. v3.10.12-17-g90a611a

Git repo owner gitmaster at git.koha-community.org
Fri Feb 7 02:16:06 CET 2014 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 3.10.x has been updated
       via  90a611aa7d0f2db3422c721e722939235953fc03 (commit)
       via  3eadfee02ac502c0eb53a27bfac961764930d186 (commit)
       via  2133e9b0c21f4979c446103a22c4d74b57ac737d (commit)
       via  b2f0f7c8fa994bde68e88b7f72b053a8ab8d9ae5 (commit)
       via  28a30b6bd864f6f7440b81f8946aec9bae1bcabf (commit)
       via  2dcde0864641941b60c87a07177da78fb313214f (commit)
       via  9344473e93b41f243d19d7a3593a427114242d39 (commit)
       via  adf4597ec35353b9908236420a8a3c3a5f6a8f06 (commit)
      from  485f871438d6fd70cd566e26766564275ad54134 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 90a611aa7d0f2db3422c721e722939235953fc03
Author: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Date:   Thu Feb 6 13:54:27 2014 -0300

    Database update for 3.10.13 release

commit 3eadfee02ac502c0eb53a27bfac961764930d186
Author: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Date:   Thu Feb 6 13:51:50 2014 -0300

    Release notes for 3.10.13 release
    
    Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>

commit 2133e9b0c21f4979c446103a22c4d74b57ac737d
Author: Galen Charlton <gmc at esilibrary.com>
Date:   Tue Feb 4 23:03:08 2014 +0000

    Bug 11666: remove SQL as an option for MARC framework exports and imports
    
    The SQL option for MARC framework imports was subject to a bug whereby
    somebody could use it to gain access to arbitrary information in the
    database by uploading an SQL file containing unexpected statements.
    
    As it is difficult to securely sanitize SQL, this patch removes the
    option to use SQL as an import or export format.
    
    To test:
    
    [1] Verify that SQL no longer appears as an import or export option
        for the MARC frameworks.
    [2] Verify that exports and imports in CSV, Excel XML, and ODS formats
        still work.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com>
    Works as advertised. The UI doesn't offer exporting/importing in the SQL format.
    Crafting the URL to export SQL fallbacks to a spreadsheet format (ODS).
    
    Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
    Works as described, passes all tests and QA script.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    (cherry picked from commit 94e349ff6ce4a1abb313102decc12429d02dfb4b)
    Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com>
    There were conflicts on the template. The modified strings wont get translated
    but in as it is an administrative feature that not everyone uses on a daily basis
    I think it wont hurt. And will get fixed in a couple of weeks anyway.
    (cherry picked from commit 41e17032d6bc70ceea08c73eb2d8350cb99aa57f)
    Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
    (cherry picked from commit 41e17032d6bc70ceea08c73eb2d8350cb99aa57f)

commit b2f0f7c8fa994bde68e88b7f72b053a8ab8d9ae5
Author: Galen Charlton <gmc at esilibrary.com>
Date:   Tue Feb 4 15:54:33 2014 +0000

    Bug 11666: add permission check for MARC framework import/export
    
    This patch makes the MARC framework import/export script require
    that the staff user be logged in with appropriate permissions for
    managing the MARC frameworks.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com>
    Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
    
    I can confirm the bug and the solution. After applying the patch
    downloading the file without logging in first is no longer possible.
    Also passes tests and QA script.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    (cherry picked from commit 03d4ed2468bb9ab97b1f7b7d9e29507dc815a8b3)
    Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com>
    (cherry picked from commit 412b761e27267b55e07d93ce3ec436cbddaf02d8)
    Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
    (cherry picked from commit 412b761e27267b55e07d93ce3ec436cbddaf02d8)

commit 28a30b6bd864f6f7440b81f8946aec9bae1bcabf
Author: Galen Charlton <gmc at esilibrary.com>
Date:   Sat Feb 1 02:11:38 2014 +0000

    Bug 11662: remove disused member-picupload.pl
    
    This script is no longer used, and in addition has problematic
    handling of its parameters that could lead to writing to
    arbitrary files on the server.
    
    To test:
    
    [1] Verify that member-picupload.pl is no longer referred
        to in the codebase after applying this patch.
    [2] Verify that there are no regressions in patron
        photo management.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz>
    Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
    Found no regressions in removing this script.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    (cherry picked from commit 939079de756fdda1ca8f62c48efe0e2e3034ae32)
    Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com>
    (cherry picked from commit 4d75ded81b64e23979c44c3ea6611f240745f93e)
    Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
    (cherry picked from commit 4d75ded81b64e23979c44c3ea6611f240745f93e)

commit 2dcde0864641941b60c87a07177da78fb313214f
Author: Chris Cormack <chris at bigballofwax.co.nz>
Date:   Sat Feb 1 15:06:58 2014 +1300

    Bug 11661: sanitize file names supplied to edithelp.pl
    
    This patch corrects an issue whereby edithelp.pl could
    be used to create or modify arbitrary files on the server
    with the permissions of the Apache user.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    Signed-off-by: Jonathan Druart <jonathan.druart at biblibre.com>
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    (cherry picked from commit 7baf02c263a627b1454577b3141a0af4b8f963d1)
    Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com>
    (cherry picked from commit 677e9299da6e808bd4c76dc036da9e39c4277edd)
    Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
    (cherry picked from commit 677e9299da6e808bd4c76dc036da9e39c4277edd)

commit 9344473e93b41f243d19d7a3593a427114242d39
Author: Chris Cormack <chris at bigballofwax.co.nz>
Date:   Sat Feb 1 14:18:23 2014 +1300

    Bug 11660: remove disused tools/pdfViewer.pl
    
    tools/pdfViewer.pl can be used to read artibrary files on the system.
    
    It is actually an unused file, so leaving it around serves no purpose
    and is dangerous.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
    No regressions found.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    (cherry picked from commit d1b6e0646fd6a70f6724189554e80aaa68aec64b)
    Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com>
    (cherry picked from commit 0b4854ca08e6d298c68f7e891fad1b682cba7b3e)
    Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
    (cherry picked from commit 0b4854ca08e6d298c68f7e891fad1b682cba7b3e)

commit adf4597ec35353b9908236420a8a3c3a5f6a8f06
Author: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Date:   Thu Feb 6 13:01:51 2014 -0300

    Bug 7478: (followup) Branches template plugin not available in 3.10.x
    
    RM followup
    
    This patch reverts the use of the Branches plugin for 3.10.x as it is not available.
    The behaviour reverts to the previous one, but retains translatability.
    
    Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>

-----------------------------------------------------------------------

Summary of changes:
 C4/ImportExportFramework.pm                        |  219 +-------------------
 admin/import_export_framework.pl                   |   26 ++-
 edithelp.pl                                        |    4 +-
 installer/data/mysql/updatedatabase.pl             |    6 +
 .../prog/en/modules/admin/biblio_framework.tt      |   24 +--
 .../prog/en/modules/reports/catalogue_out.tt       |    3 +-
 kohaversion.pl                                     |    2 +-
 members/member-picupload.pl                        |   77 -------
 ...notes_3_10_12.txt => release_notes_3_10_13.txt} |  182 +++++++---------
 tools/pdfViewer.pl                                 |   42 ----
 10 files changed, 129 insertions(+), 456 deletions(-)
 delete mode 100755 members/member-picupload.pl
 copy misc/release_notes/{release_notes_3_10_12.txt => release_notes_3_10_13.txt} (55%)
 delete mode 100755 tools/pdfViewer.pl


hooks/post-receive
-- 
main Koha release repository

More information about the koha-commits mailing list