[koha-commits] main Koha release repository branch 3.18.x updated. v3.18.04-23-g0029619
Git repo owner
gitmaster at git.koha-community.org
Thu Mar 12 08:24:46 CET 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, 3.18.x has been updated
via 0029619eb3838eb372eca87b8eb3e6ca1a3a4629 (commit)
via 8a2cccc8dfa07ad6a731554d523fb5aab1540943 (commit)
via e6674d90f7716593326c184b347ab16217a0ec2c (commit)
from 9cb99b181a41051e46d549e336f1f626a83e8815 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0029619eb3838eb372eca87b8eb3e6ca1a3a4629
Author: Dobrica Pavlinusic <dpavlin at rot13.org>
Date: Wed Mar 4 11:38:42 2015 +0100
Bug 13789 - facets with accented utf-8 characters generate double encoded links
Bug 13425 tried to fix XSS in OPAC, by using url filter in template toolkit
on whole generated url. This doesn't work and create double encoded strings
in facets because we are creating url variable by concatenating query_cgi
(which did pass through uri_escape_utf8 on perl side) and other
parameters which have to be escaped in template.
Also, code like
[% SET limit_cgi_f = limit_cgi | url %]
doesn't do anything (at least doesn't apply url filter) so it's not needed.
This patch also fixes encoding of hidden fields used in sort by form.
And lastly, it tries to make facet changes for opac and intranet as same as
possible to simplify future maintencence of this code.
Test scenario:
1. find results in your opac which contain accented characters
2. click on them and verify that results are missing
3. apply this patch
4. re-run search and click on facets link verifying that there are
now results
5. test sort by form and verify that results are ok
6. verify that facets are still safe from injection by constructing url like
/cgi-bin/koha/opac-search.pl?q=123&sort_by='"><script>prompt('Happy_Holidays')</script>&limit=123
and verifying that you DON'T see prompt window in your browser
Signed-off-by: Jonathan Druart <jonathan.druart at biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com>
(cherry picked from commit 1ca9adaa56ff809a76ff903bb231175d0195163c)
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Conflicts:
koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-facets.inc
commit 8a2cccc8dfa07ad6a731554d523fb5aab1540943
Author: Jonathan Druart <jonathan.druart at biblibre.com>
Date: Wed Jan 28 13:03:31 2015 +0100
Bug 13635: Unimarc - On editing a notice, the title should be displayed
The title method of MARC::Record does not deal with UNIMARC, it should
not be called if the marc flavour is UNIMARC.
Test plan:
On an unimarc installation, edit a notice, with this patch you should
see
"Editing TITLE (Record number BIBLIONUMBER)"
Without, the title was not displayed.
Same in the breadcrumbs.
Bug 13635: Remove another useless call
There is another call to the title method in additem.pl without any
check on the marc flavour.
But here the title variable sent to the template is redefined 3 lines
later.
So it can be simply removed.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Tested on UNIMARC install, editing a 'record' (not notice) does not show
title on breadcrumbs, status bar or page title.
With patch it does!
No koha-qa errors.
Signed-off-by: joel aloi <aloi54 at live.fr>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com>
(cherry picked from commit 07e6ddc44af5ba6cdcccbcdac44bba223d891610)
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
commit e6674d90f7716593326c184b347ab16217a0ec2c
Author: Fridolin Somers <fridolin.somers at biblibre.com>
Date: Wed Jan 21 10:22:19 2015 +0100
Bug 13605 - _AUTHOR_ not replaced in relatives checkouts
In members/moremember.pl, in relatives checkouts tab, "by _AUTHOR_" appears before author.
This code sould be replaced in JS.
Test plan :
- Go to a borrower with relative's checkouts
=> without patch : you see "by _AUTHOR_" string before author name
=> with patch : you see "by" string before author name
Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
Works as described, fixes the problem.
Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com>
(cherry picked from commit ce2ea3e8091e699f6fc78e4d0f6569a707df299b)
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
catalogue/search.pl | 5 ++---
cataloguing/addbiblio.pl | 14 ++++++++++----
cataloguing/additem.pl | 1 -
koha-tmpl/intranet-tmpl/prog/en/includes/facets.inc | 14 +++++++-------
koha-tmpl/intranet-tmpl/prog/en/js/checkouts.js | 2 +-
.../opac-tmpl/bootstrap/en/includes/opac-facets.inc | 11 ++++-------
opac/opac-search.pl | 3 +--
7 files changed, 25 insertions(+), 25 deletions(-)
hooks/post-receive
--
main Koha release repository
More information about the koha-commits
mailing list