[koha-commits] main Koha release repository branch 3.18.x updated. v3.18.04-23-g0029619

Git repo owner gitmaster at git.koha-community.org
Thu Mar 12 08:24:46 CET 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 3.18.x has been updated
       via  0029619eb3838eb372eca87b8eb3e6ca1a3a4629 (commit)
       via  8a2cccc8dfa07ad6a731554d523fb5aab1540943 (commit)
       via  e6674d90f7716593326c184b347ab16217a0ec2c (commit)
      from  9cb99b181a41051e46d549e336f1f626a83e8815 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0029619eb3838eb372eca87b8eb3e6ca1a3a4629
Author: Dobrica Pavlinusic <dpavlin at rot13.org>
Date:   Wed Mar 4 11:38:42 2015 +0100

    Bug 13789 - facets with accented utf-8 characters generate double encoded links
    
    Bug 13425 tried to fix XSS in OPAC, by using url filter in template toolkit
    on whole generated url. This doesn't work and creates double encoded strings
    in facets because we are creating url variable by concatenating query_cgi
    (which did pass through uri_escape_utf8 on perl side) and other
    parameters which have to be escaped in template.
    
    Also, code like
    
    [% SET limit_cgi_f = limit_cgi | url %]
    
    doesn't do anything (at least doesn't apply url filter) so it's not needed.
    
    This patch also fixes encoding of hidden fields used in sort by form.
    
    And lastly, it tries to make facet changes for opac and intranet as similar as
    possible to simplify future maintenance of this code.
    
    Test scenario:
    1. find results in your opac which contain accented characters
    2. click on them and verify that results are missing
    3. apply this patch
    4. re-run search and click on facets link verifying that there are
       now results
    5. test sort by form and verify that results are ok
    6. verify that facets are still safe from injection by constructing url like
       /cgi-bin/koha/opac-search.pl?q=123&sort_by='"><script>prompt('Happy_Holidays')</script>&limit=123
       and verifying that you DON'T see prompt window in your browser
    
    Signed-off-by: Jonathan Druart <jonathan.druart at biblibre.com>
    Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
    Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com>
    (cherry picked from commit 1ca9adaa56ff809a76ff903bb231175d0195163c)
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
    
    Conflicts:
    	koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-facets.inc
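
Added example, not part of the commit or of Koha's code: a sketch of the double encoding described in the message for Bug 13789, next to escaping each parameter once and HTML-escaping the finished link. The function names are hypothetical, URI::Escape is assumed to be installed, the accented term is constructed, and the sort_by string is the one from test step 6 (placed in limit here).

```perl
#!/usr/bin/perl
# Added illustration, not Koha code. Function names are hypothetical.
use strict;
use warnings;
use utf8;
use URI::Escape qw(uri_escape_utf8 uri_unescape);

# Stand-in for HTML-escaping an attribute value in the template.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Before: the query was escaped on the Perl side, then escaped again when
# the finished URL is filtered as a whole (modelled here as a second pass).
sub link_escaped_twice {
    my ($query, $limit) = @_;
    my $query_cgi = uri_escape_utf8($query);
    return '/cgi-bin/koha/opac-search.pl?q=' . uri_escape_utf8($query_cgi)
         . '&limit=' . uri_escape_utf8($limit);
}

# After: each value is escaped exactly once, where it joins the URL, and
# the finished URL is HTML-escaped for use in an href attribute.
sub link_escaped_once {
    my ($query, $limit) = @_;
    return html_escape('/cgi-bin/koha/opac-search.pl?q='
        . uri_escape_utf8($query) . '&limit=' . uri_escape_utf8($limit));
}

# The q value as the server sees it after decoding the request once.
sub decoded_q {
    my ($href) = @_;
    my ($raw) = $href =~ /[?&]q=([^&]*)/;
    my $value = uri_unescape($raw);
    utf8::decode($value);    # percent-decoded bytes back to characters
    return $value;
}

my $query   = 'Ćosić';                                          # constructed
my $payload = q{'"><script>prompt('Happy_Holidays')</script>};  # test step 6

for my $build (\&link_escaped_twice, \&link_escaped_once) {
    my $href = $build->($query, $payload);
    printf "%s\n  q round-trips: %s, raw markup in href: %s\n", $href,
        (decoded_q($href) eq $query ? 'yes' : 'no'),
        ($href =~ /[<>"]/ ? 'yes' : 'no');
}
```

In the twice-escaped link every `%` from the first pass is itself escaped, so one decode on the server yields the percent-encoded text instead of the accented term, which matches the missing results in test step 2.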

commit 8a2cccc8dfa07ad6a731554d523fb5aab1540943
Author: Jonathan Druart <jonathan.druart at biblibre.com>
Date:   Wed Jan 28 13:03:31 2015 +0100

    Bug 13635: Unimarc - On editing a notice, the title should be displayed
    
    The title method of MARC::Record does not deal with UNIMARC, it should
    not be called if the marc flavour is UNIMARC.
    
    Test plan:
    On an unimarc installation, edit a notice, with this patch you should
    see
     "Editing TITLE (Record number BIBLIONUMBER)"
    
    Without, the title was not displayed.
    Same in the breadcrumbs.
    
    Bug 13635: Remove another useless call
    
    There is another call to the title method in additem.pl without any
    check on the marc flavour.
    But here the title variable sent to the template is redefined 3 lines
    later.
    So it can be simply removed.
    
    Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
    
    Tested on UNIMARC install, editing a 'record' (not notice) does not show
    title on breadcrumbs, status bar or page title.
    With patch it does!
    No koha-qa errors.
    
    Signed-off-by: joel aloi <aloi54 at live.fr>
    Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
    Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com>
    (cherry picked from commit 07e6ddc44af5ba6cdcccbcdac44bba223d891610)
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>

commit e6674d90f7716593326c184b347ab16217a0ec2c
Author: Fridolin Somers <fridolin.somers at biblibre.com>
Date:   Wed Jan 21 10:22:19 2015 +0100

    Bug 13605 - _AUTHOR_ not replaced in relatives checkouts
    
    In members/moremember.pl, in relatives checkouts tab, "by _AUTHOR_" appears before author.
    This code should be replaced in JS.
    
    Test plan :
    - Go to a borrower with relative's checkouts
    => without patch : you see "by _AUTHOR_" string before author name
    => with patch : you see "by" string before author name
    
    Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
    Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
    Works as described, fixes the problem.
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com>
    (cherry picked from commit ce2ea3e8091e699f6fc78e4d0f6569a707df299b)
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>

-----------------------------------------------------------------------

Summary of changes:
 catalogue/search.pl                                      |    5 ++---
 cataloguing/addbiblio.pl                                 |   14 ++++++++++----
 cataloguing/additem.pl                                   |    1 -
 koha-tmpl/intranet-tmpl/prog/en/includes/facets.inc      |   14 +++++++-------
 koha-tmpl/intranet-tmpl/prog/en/js/checkouts.js          |    2 +-
 .../opac-tmpl/bootstrap/en/includes/opac-facets.inc      |   11 ++++-------
 opac/opac-search.pl                                      |    3 +--
 7 files changed, 25 insertions(+), 25 deletions(-)


hooks/post-receive
-- 
main Koha release repository

