[koha-commits] main Koha release repository branch 3.14.x updated. v3.14.15-6-g4631b30

Git repo owner gitmaster at git.koha-community.org
Tue Jun 23 11:23:09 CEST 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 3.14.x has been updated
       via  4631b30b2fa4d379a09db4b7822753ade29b6df8 (commit)
       via  421a60165cd0125faf0d60e2e10701fa611d474b (commit)
       via  1eb576ec759da21cc5abe8217ae98303101afd6a (commit)
      from  314f4696e2612b051968dcb42cf9cc613ad0361c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4631b30b2fa4d379a09db4b7822753ade29b6df8
Author: Jonathan Druart <jonathan.druart at koha-community.org>
Date:   Fri Jun 19 11:21:56 2015 +0200

    Bug 14416: Stored XSS vulnerability - add biblio to shelf (intranet)
    
    Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org>
    Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de>
    Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar>
    (cherry picked from commit 542b06f065bf550a2a625bbfb34ce73bb65d01a1)
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
    (cherry picked from commit afb00d13904052c71497834761e81996bc5f3d36)
    Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com>

commit 421a60165cd0125faf0d60e2e10701fa611d474b
Author: Jonathan Druart <jonathan.druart at koha-community.org>
Date:   Fri Jun 19 11:21:47 2015 +0200

    Bug 14416: (follow-up) opac addbybiblionumber
    
    Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org>
    Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de>
    Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar>
    (cherry picked from commit abd2bc99e886c11fa9abe15ef01c3298d00757cb)
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
    (cherry picked from commit 1ba766f200fd693665e942d9bee86c327893a9bb)
    Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com>

commit 1eb576ec759da21cc5abe8217ae98303101afd6a
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date:   Fri Jun 19 11:26:02 2015 +1200

    Bug 14416: Stored XSS vulnerability
    
    opac-addbybiblionumber.pl is also vulnerable because it doesn't escape
    list names.
    
    To test
    1/ Create a malicious list name
    2/ Try to add a biblio to the lists
    3/ Notice js is executed
    4/ Apply patch
    5/ Test again
    
    Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org>
    Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de>
    Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar>
    (cherry picked from commit fb51a4bb0f3ac8b42b53579fe3d6d73d0b3438cd)
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
    (cherry picked from commit 20910660a27f61307153afa05c13d67b1b5e91af)
    Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com>

-----------------------------------------------------------------------

Summary of changes:
 .../prog/en/modules/virtualshelves/addbybiblionumber.tt        |    8 ++++----
 .../opac-tmpl/bootstrap/en/modules/opac-addbybiblionumber.tt   |    8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)


hooks/post-receive
-- 
main Koha release repository