[koha-commits] main Koha release repository branch 3.20.x updated. v3.20.01-86-gb928430
Git repo owner
gitmaster at git.koha-community.org
Tue Jul 21 06:01:51 CEST 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, 3.20.x has been updated
via b928430696cf25ed705e463af24639f2876475ab (commit)
from 0df49d540612fe841365d9b6c4c7265fdb65c737 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b928430696cf25ed705e463af24639f2876475ab
Author: David Cook <dcook at prosentient.com.au>
Date: Mon Jul 13 14:06:46 2015 +1000
Bug 14521: SQL injection in local use system preferences

This patch fixes a SQL injection vulnerability in the local use
system preferences.

_TEST PLAN_

Before applying:

1) Go to Global System Preferences
2) Click on the "Local use" tab
3) Add a new preference with the value "') or '1' = '1' -- "
(be sure to include the space at the end after the comment --).
4) When the page refreshes, you should now see about 99 other system
preferences which shouldn't be showing up.
5) Apply the patch
6) Refresh the page
7) Note that you now only see a system preference for "') or '1' = '1' -- "
and the other actual local use system preferences.

Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar>
(cherry picked from commit a72262a950aa701cebe460e2a3a7586edecd86be)
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
admin/systempreferences.pl | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
hooks/post-receive
--
main Koha release repository
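
The behaviour the test plan describes, reproduced as an added example that is not part of the commit or of Koha's code. It assumes, hypothetically, that the preference list is fetched with a `variable IN (...)` query built by string concatenation, and it uses Python with an in-memory SQLite table of constructed rows instead of Koha's Perl and database; all function names are illustrative.

```python
import sqlite3

# Preference name taken from the test plan (trailing space included).
PAYLOAD = "') or '1' = '1' -- "

def make_db():
    """Constructed sample data; table reduced to two columns for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE systempreferences (variable TEXT PRIMARY KEY, value TEXT)")
    conn.executemany("INSERT INTO systempreferences VALUES (?, ?)", [
        ("version", "3.20"), ("opaclanguages", "en"), ("IndependentBranches", "0"),
        ("MyLocalPref", "x"), (PAYLOAD, ""),
    ])
    return conn

def list_prefs_concat(conn, names):
    """Assumed vulnerable shape: names are pasted into the SQL text."""
    in_list = ",".join("'%s'" % n for n in names)
    sql = "SELECT variable FROM systempreferences WHERE variable IN (%s) ORDER BY variable" % in_list
    return [row[0] for row in conn.execute(sql)]

def list_prefs_bound(conn, names):
    """Hardened shape: one placeholder per name, values bound by the driver."""
    if not names:
        return []
    marks = ",".join("?" for _ in names)
    sql = "SELECT variable FROM systempreferences WHERE variable IN (%s) ORDER BY variable" % marks
    return [row[0] for row in conn.execute(sql, list(names))]

if __name__ == "__main__":
    conn = make_db()
    local_use = ["MyLocalPref", PAYLOAD]
    print("concatenated:", list_prefs_concat(conn, local_use))
    print("bound:       ", list_prefs_bound(conn, local_use))
```

With concatenation the stored name closes the quoted list and the trailing comment discards the rest of the statement, so every row comes back; with bound values the same name is only ever compared as data.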