[koha-commits] main Koha release repository branch 3.8.x updated. v3.08.22-7-g042b6f1

Git repo owner gitmaster at git.koha-community.org
Fri Feb 7 02:17:29 CET 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 3.8.x has been updated
       via  042b6f170bac364b41435c759de376f0f8b93b45 (commit)
       via  e0d439c60d85d8107d070d3e1b97f8e3b8f54470 (commit)
       via  50d8aa80fb62afc822a9093bbb2638a687e2487b (commit)
       via  c757c2c9c1fe38c8e72f9fdb4f0104c2856f9fde (commit)
       via  c87b6dc048645827904c40c730e9709963414029 (commit)
       via  3517a9399588c4b7be6abebfeeb58facab06405f (commit)
       via  0057c98f2584d431c7549fd139efbbe388343224 (commit)
      from  f421f4e8de1efa28aeaecdfd0cbddb5978b7d450 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 042b6f170bac364b41435c759de376f0f8b93b45
Author: Galen Charlton <gmc at esilibrary.com>
Date:   Fri Feb 7 01:17:02 2014 +0000

    bump version for Koha 3.8.23
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

commit e0d439c60d85d8107d070d3e1b97f8e3b8f54470
Author: Galen Charlton <gmc at esilibrary.com>
Date:   Fri Feb 7 01:16:30 2014 +0000

    release notes for Koha 3.8.23
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

commit 50d8aa80fb62afc822a9093bbb2638a687e2487b
Author: Galen Charlton <gmc at esilibrary.com>
Date:   Tue Feb 4 23:03:08 2014 +0000

    Bug 11666: remove SQL as an option for MARC framework exports and imports
    
    The SQL option for MARC framework imports was subject to a bug whereby
    somebody could use it to gain access to arbitrary information in the
    database by uploading an SQL file containing unexpected statements.
    
    As it is difficult to securely sanitize SQL, this patch removes the
    option to use SQL as an import or export format.
    
    To test:
    
    [1] Verify that SQL no longer appears as an import or export option
        for the MARC frameworks.
    [2] Verify that exports and imports in CSV, Excel XML, and ODS formats
        still work.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com>
    Works as advertised. The UI doesn't offer exporting/importing in the SQL format.
    Crafting the URL to export SQL falls back to a spreadsheet format (ODS).
    
    Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
    Works as described, passes all tests and QA script.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    
    Conflicts:
    	koha-tmpl/intranet-tmpl/prog/en/modules/admin/biblio_framework.tt

commit c757c2c9c1fe38c8e72f9fdb4f0104c2856f9fde
Author: Galen Charlton <gmc at esilibrary.com>
Date:   Tue Feb 4 15:54:33 2014 +0000

    Bug 11666: add permission check for MARC framework import/export
    
    This patch makes the MARC framework import/export script require
    that the staff user be logged in with appropriate permissions for
    managing the MARC frameworks.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com>
    Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
    
    I can confirm the bug and the solution. After applying the patch
    downloading the file without logging in first is no longer possible.
    Also passes tests and QA script.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

commit c87b6dc048645827904c40c730e9709963414029
Author: Galen Charlton <gmc at esilibrary.com>
Date:   Sat Feb 1 02:11:38 2014 +0000

    Bug 11662: remove disused member-picupload.pl
    
    This script is no longer used, and in addition has problematic
    handling of its parameters that could lead to writing to
    arbitrary files on the server.
    
    To test:
    
    [1] Verify that member-picupload.pl is no longer referred
        to in the codebase after applying this patch.
    [2] Verify that there are no regressions in patron
        photo management.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz>
    Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
    Found no regressions in removing this script.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

commit 3517a9399588c4b7be6abebfeeb58facab06405f
Author: Chris Cormack <chris at bigballofwax.co.nz>
Date:   Sat Feb 1 15:06:58 2014 +1300

    Bug 11661: sanitize file names supplied to edithelp.pl
    
    This patch corrects an issue whereby edithelp.pl could
    be used to create or modify arbitrary files on the server
    with the permissions of the Apache user.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    Signed-off-by: Jonathan Druart <jonathan.druart at biblibre.com>
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

commit 0057c98f2584d431c7549fd139efbbe388343224
Author: Chris Cormack <chris at bigballofwax.co.nz>
Date:   Sat Feb 1 14:18:23 2014 +1300

    Bug 11660: remove disused tools/pdfViewer.pl
    
    tools/pdfViewer.pl can be used to read arbitrary files on the system.
    
    It is actually an unused file, so leaving it around serves no purpose
    and is dangerous.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
    No regressions found.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

-----------------------------------------------------------------------

Summary of changes:
 C4/ImportExportFramework.pm                        |  219 +-------------------
 admin/import_export_framework.pl                   |   26 ++-
 edithelp.pl                                        |    4 +-
 installer/data/mysql/updatedatabase.pl             |    6 +
 .../prog/en/modules/admin/biblio_framework.tt      |   24 +--
 kohaversion.pl                                     |    2 +-
 members/member-picupload.pl                        |   77 -------
 ...e_notes_3_8_22.txt => release_notes_3_8_23.txt} |  100 +++++----
 tools/pdfViewer.pl                                 |   42 ----
 9 files changed, 108 insertions(+), 392 deletions(-)
 delete mode 100755 members/member-picupload.pl
 copy misc/release_notes/{release_notes_3_8_22.txt => release_notes_3_8_23.txt} (60%)
 delete mode 100755 tools/pdfViewer.pl


hooks/post-receive
-- 
main Koha release repository

