[koha-commits] main Koha release repository branch master updated. v3.20.00-216-g64e47c6
Git repo owner
gitmaster at git.koha-community.org
Mon Jun 22 22:45:27 CEST 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, master has been updated
via 64e47c63dc59669c3c651b93630c470e06107fd6 (commit)
via 5dd7c8f0d5fae67ea6177fdbac77a04f70661864 (commit)
via 5a7f459290326e1cea8460bb0817492340dd4150 (commit)
via f4a2471848703ca1896e0664cb9e3c59bf308101 (commit)
via 40d7ab4895dabba28a19861af500f4f2c0180f98 (commit)
via f6aec46dda4a0c833573030e7248e23592537b45 (commit)
via 1a6a734de48db885dd9553c102521bf8227d56be (commit)
via 3f3a29f796db72b73ba858c27bfb3ba7d973f348 (commit)
via fc70c3a4bc9175c2f4f250aeb0bd40ae048df721 (commit)
via 0cac7bc140a53773fd841472bbd306e65ae60a97 (commit)
via 64925f7522a7f3d2d22e07df6bd9d7653cfc4a91 (commit)
via 63c158968593de976afb0acf101f0f33dfc7597f (commit)
via 15b3ba5a6360241c3082373cd7ea0af73d0babef (commit)
via e5cea455d00c52b4a81e87b4dc77315c03ce8630 (commit)
from b61782f1e78c771d66351b380755182e111eaf81 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 64e47c63dc59669c3c651b93630c470e06107fd6
Author: Jonathan Druart <jonathan.druart at koha-community.org>
Date: Mon Jun 22 10:24:51 2015 +0200
Bug 14408: Allow integers in template paths
Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
commit 5dd7c8f0d5fae67ea6177fdbac77a04f70661864
Author: Jonathan Druart <jonathan.druart at koha-community.org>
Date: Fri Jun 19 10:25:30 2015 +0200
Bug 14408: Add tests to get_template_and_user
Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
commit 5a7f459290326e1cea8460bb0817492340dd4150
Author: Chris <chris at bigballofwax.co.nz>
Date: Mon Jun 22 05:23:52 2015 +0000
Bug 14408: Path Traversal error
Counter counter patch
Please test well, including with the null byte %00, this uses a whitelisting to only allow files ending with .tt
and not allowing ../etc
Note the previous patch tries to protect against /etc/passwd
but //etc/passwd is now vulnerable. I do think a whitelist is safer than trying to do a blacklist
/cgi-bin/koha/svc/virtualshelves/search
/cgi-bin/koha/svc/members/search
Are vulnerable
To test:
1/ Hit /cgi-bin/koha/svc/members/search?template_path=members/tables/members_results.tt
Notice you get a valid JSON response
2/ Hit
/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
(You may have add more ..%2f or remove them to get the correct path)
Notice you can see the contents of the /etc/passwd file
3/ Hit
/cgi-bin/koha/svc/members/search?template_path=test%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
4/ Apply patch
5/ Hit the first url again, notice it still works
6/ Hit the second url notice it now errors with a file not found
7/ Hit the third url notice it now errors with a file not found
Repeat for the other script also
Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
commit f4a2471848703ca1896e0664cb9e3c59bf308101
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date: Mon Jun 22 17:43:21 2015 -0300
Bug 14383: (QA followup) missing POD fix in C4/Branch.pm
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
commit 40d7ab4895dabba28a19861af500f4f2c0180f98
Author: Jonathan Druart <jonathan.druart at koha-community.org>
Date: Thu Jun 18 15:19:25 2015 +0200
Bug 14383: Fix POD error in C4/Ratings.pm
perl -e "use Pod::Checker;podchecker('C4/Ratings.pm');"
Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
commit f6aec46dda4a0c833573030e7248e23592537b45
Author: Stefan Weil <sw at weilnetz.de>
Date: Mon Jun 15 21:57:13 2015 +0200
Bug 14383: etc/zebradb: Fix some typos in documentation and Bib-1 attribute set
All of them were found and fixed using codespell.
Signed-off-by: Stefan Weil <sw at weilnetz.de>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
commit 1a6a734de48db885dd9553c102521bf8227d56be
Author: Stefan Weil <sw at weilnetz.de>
Date: Mon Jun 15 21:55:50 2015 +0200
Bug 14383: docs: Fix some typos in documentation
All of them were found and fixed using codespell.
Signed-off-by: Stefan Weil <sw at weilnetz.de>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
commit 3f3a29f796db72b73ba858c27bfb3ba7d973f348
Author: Stefan Weil <sw at weilnetz.de>
Date: Mon Jun 15 21:50:14 2015 +0200
Bug 14383: admin: Fix some typos in comments and documentation
Most of them were found and fixed using codespell.
Signed-off-by: Stefan Weil <sw at weilnetz.de>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
commit fc70c3a4bc9175c2f4f250aeb0bd40ae048df721
Author: Stefan Weil <sw at weilnetz.de>
Date: Mon Jun 15 16:51:51 2015 +0200
Bug 14383: acqui: Fix some typos in comments and documentation
Most of them were found and fixed using codespell.
Signed-off-by: Stefan Weil <sw at weilnetz.de>
http://bugs.koha-community.org/show_bug.cgi?id=14383
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
commit 0cac7bc140a53773fd841472bbd306e65ae60a97
Author: Stefan Weil <sw at weilnetz.de>
Date: Mon Jun 15 16:49:47 2015 +0200
Bug 14383: Fix some typos in comments and documentation
Most of them were found and fixed using codespell.
Signed-off-by: Stefan Weil <sw at weilnetz.de>
http://bugs.koha-community.org/show_bug.cgi?id=14383
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
commit 64925f7522a7f3d2d22e07df6bd9d7653cfc4a91
Author: Stefan Weil <sw at weilnetz.de>
Date: Mon Jun 15 07:47:18 2015 +0200
Bug 14383: C4: Fix some typos (mostly in comments and documentation)
Most of them were found and fixed using codespell.
Fix also some related grammar issues.
In C4/Serials.pm a variable was renamed to make future codespelling
checks easier.
Signed-off-by: Stefan Weil <sw at weilnetz.de>
http://bugs.koha-community.org/show_bug.cgi?id=14383
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
commit 63c158968593de976afb0acf101f0f33dfc7597f
Author: Stefan Weil <sw at weilnetz.de>
Date: Sun Jun 14 22:42:57 2015 +0200
Bug 14383: misc: Fix some typos in comments and documentation
Most of them were found and fixed using codespell.
Signed-off-by: Stefan Weil <sw at weilnetz.de>
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
commit 15b3ba5a6360241c3082373cd7ea0af73d0babef
Author: Stefan Weil <sw at weilnetz.de>
Date: Sun Jun 14 22:30:12 2015 +0200
Bug 14383: debian: Fix some trivial typos
They were found and fixed using codespell.
Signed-off-by: Stefan Weil <sw at weilnetz.de>
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
commit e5cea455d00c52b4a81e87b4dc77315c03ce8630
Author: Katrin Fischer <Katrin.Fischer.83 at web.de>
Date: Mon Jun 8 01:30:58 2015 +0200
Bug 14356: Improvements to the 'Transfers to receive' page
Patch makes several small changes to the template for the
'Transfers to receive page'
1) Show the branch name instead of the branchcode in the
table of incoming transfers.
If there is a hold connected with the transfer:
2) Show the patron's name as 'surname, firstname'
intead of 'surname firstname'
3) Restore broken feature: Show a mailto: link with a
generated subject of 'Hold: <title>'.
The mailto: feature actually existed in the templates, but
was broken to a misnamed database column. I made some small
changes to make the subject translatable (see bug 8330).
To test:
- Create a transfer by placing a hold with pickup at another library
- Craete a transfer manually
- Go to the circulation > transfers to receive
- Check the changes explained above, compare before and after
- Check the mailto: link works as expected
Bonus: Check the Hold: bit in the subject is really translatable now.
Signed-off-by: Nick Clemens <nick at quecheelibrary.org>
Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
-----------------------------------------------------------------------
Summary of changes:
C4/Acquisition.pm | 8 ++---
C4/Auth.pm | 11 +++---
C4/AuthoritiesMarc.pm | 2 +-
C4/Barcodes.pm | 2 +-
C4/Barcodes/hbyymmincr.pm | 2 +-
C4/Biblio.pm | 6 ++--
C4/Branch.pm | 6 ++--
C4/Calendar.pm | 2 +-
C4/Circulation.pm | 10 +++---
C4/ClassSortRoutine.pm | 2 +-
C4/Context.pm | 4 +--
C4/Creators/Batch.pm | 4 +--
C4/Creators/Layout.pm | 6 ++--
C4/Creators/PDF.pm | 2 +-
C4/Creators/Profile.pm | 4 +--
C4/Creators/Template.pm | 6 ++--
C4/Dates.pm | 4 +--
C4/Installer.pm | 2 +-
C4/Items.pm | 6 ++--
C4/Koha.pm | 4 +--
C4/Labels/Label.pm | 2 +-
C4/Patroncards/Lib.pm | 4 +--
C4/Ratings.pm | 5 ++-
C4/Reports/Guided.pm | 6 ++--
C4/Reserves.pm | 16 ++++-----
C4/Ris.pm | 4 +--
C4/RotatingCollections.pm | 16 ++++-----
C4/SIP/ILS/Patron.pod | 4 +--
C4/SIP/Sip.pm | 2 +-
C4/SIP/Sip/MsgType.pm | 8 ++---
C4/Search.pm | 4 +--
C4/Serials.pm | 6 ++--
C4/Serials/Frequency.pm | 2 +-
C4/Serials/Numberpattern.pm | 2 +-
C4/ShelfBrowser.pm | 2 +-
C4/TTParser.pm | 8 ++---
C4/Tags.pm | 4 +--
C4/UploadedFile.pm | 2 +-
C4/Utils/DataTables/ColumnsSettings.pm | 2 +-
C4/Utils/DataTables/Members.pm | 2 +-
C4/XSLT.pm | 2 +-
acqui/addorder.pl | 2 +-
acqui/addorderiso2709.pl | 2 +-
acqui/basketgroup.pl | 2 +-
acqui/orderreceive.pl | 2 +-
acqui/parcel.pl | 2 +-
acqui/pdfformat/layout2pages.pm | 2 +-
acqui/pdfformat/layout2pagesde.pm | 2 +-
acqui/pdfformat/layout3pages.pm | 2 +-
acqui/pdfformat/layout3pagesfr.pm | 2 +-
admin/aqbudgets.pl | 6 ++--
admin/aqplan.pl | 2 +-
admin/check_parent_total.pl | 2 +-
admin/env_tz_test.pl | 2 +-
circ/transferstoreceive.pl | 2 +-
debian/control | 8 ++---
debian/control.in | 8 ++---
debian/templates/koha-sites.conf | 2 +-
docs/CAS/CASProxy/examples/koha_webservice.pl | 2 +-
docs/CAS/CASProxy/examples/proxy_cas.pl | 6 ++--
docs/CAS/CASProxy/examples/proxy_cas_callback.pl | 2 +-
etc/zebradb/biblios/etc/bib1.att | 2 +-
.../unimarc/biblios/biblio-koha-indexdefs.xml | 4 +--
etc/zebradb/marc_defs/unimarc/biblios/record.abs | 4 +--
.../prog/en/modules/circ/transferstoreceive.tt | 13 +++++---
misc/cronjobs/cloud-kw.pl | 10 +++---
misc/cronjobs/fines.pl | 2 +-
misc/cronjobs/overdue_notices.pl | 6 ++--
misc/cronjobs/rss/README | 2 +-
misc/cronjobs/staticfines.pl | 2 +-
misc/devel/update_dbix_class_files.pl | 2 +-
misc/load_testing/benchmark_circulation.pl | 2 +-
misc/maintenance/MARC21_utf8_flag_fix.pl | 2 +-
misc/migration_tools/bulkmarcimport.pl | 6 ++--
misc/migration_tools/koha-svc.pl | 2 +-
misc/plack/koha.psgi | 2 +-
t/db_dependent/Auth.t | 35 +++++++++++++++++++-
t/db_dependent/VirtualShelves.t | 2 +-
t/db_dependent/check_sysprefs.t | 2 +-
tools/import_borrowers.pl | 2 +-
tools/inventory.pl | 4 +--
tools/letter.pl | 2 +-
virtualshelves/sendshelf.pl | 2 +-
xt/author/valid-templates.t | 2 +-
xt/permissions.t | 2 +-
xt/tt_valid.t | 2 +-
86 files changed, 208 insertions(+), 164 deletions(-)
hooks/post-receive
--
main Koha release repository
More information about the koha-commits
mailing list