[koha-commits] main Koha release repository branch 3.22.x updated. v3.22.09-93-ga6350b8

Git repo owner gitmaster at git.koha-community.org
Wed Aug 17 14:35:57 CEST 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 3.22.x has been updated
       via  a6350b8705c98aaecaae3e534dc32325628e5897 (commit)
       via  1d44cd8225f863d80f7be2e5ef4a55ecd2b29edc (commit)
       via  9b42a3f9b29c1c09d24067832a14b9af173e0af5 (commit)
      from  5e301bc138e2278dd1307f947a9416f5c7979f59 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a6350b8705c98aaecaae3e534dc32325628e5897
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Tue Aug 2 14:00:02 2016 +0100

    Bug 17022: Fix XSS in circ/branchtransfers.pl
    
    Test plan:
    Enter the following in the barcode input:
        <script>alert('XSS')</script>
    
    => Without this patch you will see the alert
    => With this patch, no more alert
    
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
    
    Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de>
    
    Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
    (cherry picked from commit c63d0b311b5e7ba882d19b9b8a71838256de98cf)
    Signed-off-by: Frédéric Demians <f.demians at tamil.fr>
    (cherry picked from commit 46322ffc6e683d0583283e7485548d46c9586019)
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>

commit 1d44cd8225f863d80f7be2e5ef4a55ecd2b29edc
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Tue Aug 2 14:32:46 2016 +0100

    Bug 17024: Fix XSS in tools/viewlog.pl
    
    Test plan:
        Hit /tools/viewlog.pl?do_it=1&modules=CATALOGUING&action=MODIFY&object=<script>alert("XSS")</script>
    
    => Without this patch you will see the alert
    => With this patch, no more alert
    
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
    
    Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de>
    
    Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
    (cherry picked from commit f563ba795e4863328ff4930e7877caae9458206c)
    Signed-off-by: Frédéric Demians <f.demians at tamil.fr>
    (cherry picked from commit 24664b719f9d09210f30d7f96fc025e08da8124e)
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>

commit 9b42a3f9b29c1c09d24067832a14b9af173e0af5
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Tue Aug 2 14:51:49 2016 +0100

    Bug 17026: Fix XSS in serials/checkexpiration.pl
    
    Test plan:
    Hit:
     /serials/checkexpiration.pl?title="><script>alert("XSS")</script>&date=12/02/2002
     /serials/checkexpiration.pl?issn="><script>alert("XSS")</script>&date=12/02/2002
    
    => Without this patch you will see the alert
    => With this patch, no more alert
    
    Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz>
    
    Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de>
    
    Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
    (cherry picked from commit 9d00353a92487dcde654d88206fd5458448fff1b)
    Signed-off-by: Frédéric Demians <f.demians at tamil.fr>
    (cherry picked from commit ec78a0d43fe8032d9eeb9272878129085c3c429f)
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>

-----------------------------------------------------------------------

Summary of changes:
 .../prog/en/includes/biblio-view-menu.inc          |   20 ++++++++++----------
 .../prog/en/modules/circ/branchtransfers.tt        |    6 +++---
 .../prog/en/modules/serials/checkexpiration.tt     |    8 ++++----
 .../intranet-tmpl/prog/en/modules/tools/viewlog.tt |   16 ++++++++--------
 4 files changed, 25 insertions(+), 25 deletions(-)


hooks/post-receive
-- 
main Koha release repository

