[koha-commits] main Koha release repository branch master updated. v3.22.00-873-gfc640d2

Git repo owner gitmaster at git.koha-community.org
Mon Mar 14 17:48:28 CET 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, master has been updated
       via  fc640d2a86f395ad392f84314bce22e8b4dab1fe (commit)
       via  fb167c0e4b897bf9a93b4fd6176b15e2d4dbd4df (commit)
       via  dc03bca76cf5b7cb48d98d1ce245fc65b98be929 (commit)
      from  665a0052a1351322362de5d3e9578165dcffc5b7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit fc640d2a86f395ad392f84314bce22e8b4dab1fe
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Mon Feb 22 09:24:29 2016 +0000

    Bug 15111: Do not include the antiClickjack legacy browser trick for greybox
    
    Most of the scripts called via greybox (which uses iframe) don't include
    doc-head-close. But some do.
    This patch adds a popup parameter for these templates, not to include
    the legacy browser trick and avoid the replacement of the location.
    
    Test plan:
    1/ Export patroncard and label
    2/ translate itemtypes
    3/ click on an idref link at the OPAC
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

commit fb167c0e4b897bf9a93b4fd6176b15e2d4dbd4df
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Fri Nov 13 08:19:57 2015 +0000

    Bug 15111: Change X-Frame-Options with SAMEORIGIN
    
    There are some places where frames are used, the greybox JS plugin for
    instance.
    
    We need either to allow them from Koha or replace this plugin.
    The easiest for now is to switch the value from DENY to SAMEORIGIN.
    
    Test plan:
    - modify a record in a batch (tools/batch_record_modification.pl)
    - click on preview marc
    => With only the previous patch you will get a blank page.
    => With this patch applied, it will work as expected.
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

commit dc03bca76cf5b7cb48d98d1ce245fc65b98be929
Author: Kyle M Hall <kyle at bywatersolutions.com>
Date:   Mon Nov 2 12:11:17 2015 -0500

    Bug 15111 - Koha is vulnerable to Cross-Frame Scripting (XFS) attacks
    
    Web pages that can be embedded in frames are vulnerable to cross-frame
    scripting attacks. Cross-frame scripting is a type of phishing attack
    that involves instructions to an unsuspecting user to follow a specific
    link to update confidential information in an online application.
    Because the link leads to a legitimate page from the online application
    that is embedded in a frame hosted by the attackers' server, the
    attackers can capture all the information that the user enters.
    
    https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
    
    Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

-----------------------------------------------------------------------

Summary of changes:
 C4/Output.pm                                             |   11 ++++++-----
 .../intranet-tmpl/prog/en/includes/doc-head-close.inc    |   14 ++++++++++++++
 .../intranet-tmpl/prog/en/modules/admin/localization.tt  |    2 +-
 .../intranet-tmpl/prog/en/modules/labels/label-print.tt  |    2 +-
 .../intranet-tmpl/prog/en/modules/patroncards/print.tt   |    2 +-
 .../opac-tmpl/bootstrap/en/includes/doc-head-close.inc   |   14 ++++++++++++++
 koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-idref.tt   |    2 +-
 7 files changed, 38 insertions(+), 9 deletions(-)


hooks/post-receive
-- 
main Koha release repository

