[koha-commits] main Koha release repository branch 3.22.x updated. v3.22.07-14-g954e410

Git repo owner gitmaster at git.koha-community.org
Thu Jun 16 09:03:49 CEST 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 3.22.x has been updated
       via  954e4107c575a68f708f56ee6e11dd0f5cc28bab (commit)
       via  3454c9a658335aae8c1c4ccc9dedfd36dcbcb163 (commit)
       via  8d6486013b504fa652b43b2a20c3bb4da25034fd (commit)
       via  5d1f6b08cc7ef12975eb6637459204b9153de5a2 (commit)
       via  dd94d1bc4ca68d8466b4d7fb154c6714a7782b58 (commit)
       via  858e3b2043e0eb1ce5bb9a6c36b3b87afb69ae22 (commit)
      from  3b1a7ba719b02b5b2dfaa30ddc368d1c034b3cd6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 954e4107c575a68f708f56ee6e11dd0f5cc28bab
Author: Kyle M Hall <kyle at bywatersolutions.com>
Date:   Mon May 23 14:28:10 2016 +0000

    Bug 16569 - Message box for "too many checked out" is empty if AllowTooManyOverride is not enabled
    
    If the limit for number of items checked out is reached, the message box
    shows up but is empty.
    
    Test Plan:
    1) Disable AllowTooManyOverride
    2) Check out items to a patron until the patron has reached the limit
       of checkouts he or she can have
    3) Try to check out one more item
    4) Note the empty message box
    5) Apply this patch
    6) Try to check out one more item again
    7) Note the message is now visible
    
    Signed-off-by: Nicolas Legrand <nicolas.legrand at bulac.fr>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
    
    Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
    (cherry picked from commit af43f91335b2258ea39b40247a1492ca41dafe2a)
    Signed-off-by: Frédéric Demians <f.demians at tamil.fr>
    (cherry picked from commit a47180eb3bc0ca26a018f68ffcc4d5635f6f7789)
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>

commit 3454c9a658335aae8c1c4ccc9dedfd36dcbcb163
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Thu May 26 11:07:47 2016 +0100

    Bug 16597: Fix XSS in shelves.pl
    
    Reported by
    Alex Middleton at Dionach
    
    Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz>
    
    Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
    
    Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
    (cherry picked from commit fa1dd408ca7714aed406ff75d3c4c55545b97cf0)
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>

commit 8d6486013b504fa652b43b2a20c3bb4da25034fd
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date:   Thu May 26 21:33:33 2016 +1200

    Bug 16597: Fix XSS in opac-shareshelf
    
    To test
    1/ Go to /cgi-bin/koha/opac-shareshelf.pl?op="><script>alert('XSS')</script>&shelfnumber=5
    2/ Notice you see a js alert
    3/ Apply patch
    4/ It is gone
    
    Reported by
    Alex Middleton at Dionach
    
    Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz>
    
    Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
    
    Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
    (cherry picked from commit c47c835672a8fcd8c7df79663443f01639fc7657)
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>

commit 5d1f6b08cc7ef12975eb6637459204b9153de5a2
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date:   Thu May 26 21:06:18 2016 +1200

    Bug 16597: Fix XSS in opac-shelves.pl
    
    To test
    1/ Hit /cgi-bin/koha/opac-shelves.pl?shelfnumber=5&category=1&op=edit_form&referer="><script>alert('XSS')</SCRIPT>
    2/ Notice JS is executed
    3/ Apply patch
    4/ Notice it's fixed
    
    This bug reported by
    
    Alex Middleton at Dionach
    
    Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz>
    
    Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
    
    Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
    (cherry picked from commit 344033c32490df3e396ed530dcbf250086483371)
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>

commit dd94d1bc4ca68d8466b4d7fb154c6714a7782b58
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Thu May 26 12:08:30 2016 +0100

    Bug 16599: Fix other potential XSS for shelfname
    
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
    Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
    
    Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
    (cherry picked from commit bb4543f7db62836b048c632a0a184acb021286ad)
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>

commit 858e3b2043e0eb1ce5bb9a6c36b3b87afb69ae22
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Thu May 26 12:03:55 2016 +0100

    Bug 16599: Fix XSS in opac-shareshelf.pl
    
    Test plan:
    - Create a list with the name "<script>alert(1)</script>"
    - On the shelf list, click on share
    => Without this patch you will see the JS alert
    => With this patch applied you won't see it
    
    Reported by Kaybee at Dionach
    
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
    Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
    
    Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
    (cherry picked from commit a44a930c076fceca0f7193f488e187d9849f89b6)
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>

-----------------------------------------------------------------------

Summary of changes:
 C4/Circulation.pm                                                |    2 +-
 .../intranet-tmpl/prog/en/modules/virtualshelves/shelves.tt      |    2 +-
 koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-downloadshelf.tt   |    6 +++---
 koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-results-grouped.tt |    2 +-
 koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shareshelf.tt      |    6 +++---
 koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves-rss.tt     |    2 +-
 koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt         |    2 +-
 7 files changed, 11 insertions(+), 11 deletions(-)


hooks/post-receive
-- 
main Koha release repository

