[koha-commits] main Koha release repository branch 3.14.x updated. v3.14.15-6-g4631b30
Git repo owner
gitmaster at git.koha-community.org
Tue Jun 23 11:23:09 CEST 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, 3.14.x has been updated
via 4631b30b2fa4d379a09db4b7822753ade29b6df8 (commit)
via 421a60165cd0125faf0d60e2e10701fa611d474b (commit)
via 1eb576ec759da21cc5abe8217ae98303101afd6a (commit)
from 314f4696e2612b051968dcb42cf9cc613ad0361c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 4631b30b2fa4d379a09db4b7822753ade29b6df8
Author: Jonathan Druart <jonathan.druart at koha-community.org>
Date: Fri Jun 19 11:21:56 2015 +0200
Bug 14416: Stored XSS vulnerability - add biblio to shelf (intranet)
Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar>
(cherry picked from commit 542b06f065bf550a2a625bbfb34ce73bb65d01a1)
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
(cherry picked from commit afb00d13904052c71497834761e81996bc5f3d36)
Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com>
commit 421a60165cd0125faf0d60e2e10701fa611d474b
Author: Jonathan Druart <jonathan.druart at koha-community.org>
Date: Fri Jun 19 11:21:47 2015 +0200
Bug 14416: (follow-up) opac addbybilionumber
Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar>
(cherry picked from commit abd2bc99e886c11fa9abe15ef01c3298d00757cb)
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
(cherry picked from commit 1ba766f200fd693665e942d9bee86c327893a9bb)
Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com>
commit 1eb576ec759da21cc5abe8217ae98303101afd6a
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date: Fri Jun 19 11:26:02 2015 +1200
Bug 14416: Stored XSS vulnerability
opac-addbybiblionumber.pl is also vulnerable because it doesn't escape
list names.
To test
1/ Create a malicious list name
2/ Try to add a biblio to the lists
3/ Notice js is executed
4/ Apply patch
5/ Test again
Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar>
(cherry picked from commit fb51a4bb0f3ac8b42b53579fe3d6d73d0b3438cd)
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
(cherry picked from commit 20910660a27f61307153afa05c13d67b1b5e91af)
Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com>
-----------------------------------------------------------------------
Summary of changes:
.../prog/en/modules/virtualshelves/addbybiblionumber.tt | 8 ++++----
.../opac-tmpl/bootstrap/en/modules/opac-addbybiblionumber.tt | 8 ++++----
2 files changed, 8 insertions(+), 8 deletions(-)
hooks/post-receive
--
main Koha release repository