[koha-commits] main Koha release repository branch master updated. v3.22.00-873-gfc640d2
Git repo owner
gitmaster at git.koha-community.org
Mon Mar 14 17:48:28 CET 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, master has been updated
via fc640d2a86f395ad392f84314bce22e8b4dab1fe (commit)
via fb167c0e4b897bf9a93b4fd6176b15e2d4dbd4df (commit)
via dc03bca76cf5b7cb48d98d1ce245fc65b98be929 (commit)
from 665a0052a1351322362de5d3e9578165dcffc5b7 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit fc640d2a86f395ad392f84314bce22e8b4dab1fe
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Mon Feb 22 09:24:29 2016 +0000

Bug 15111: Do not include the antiClickjack legacy browser trick for greybox

Most of the scripts called via greybox (which uses iframe) don't include
doc-head-close. But some do.
This patch adds a popup parameter for these templates, so as not to include
the legacy browser trick and to avoid the replacement of the location.

Test plan:
1/ Export patroncard and label
2/ Translate itemtypes
3/ Click on an idref link at the OPAC

Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

commit fb167c0e4b897bf9a93b4fd6176b15e2d4dbd4df
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Fri Nov 13 08:19:57 2015 +0000

Bug 15111: Change X-Frame-Options with SAMEORIGIN

There are some places where frames are used, the greybox JS plugin for
instance.
We need either to allow them from Koha or replace this plugin.
The easiest for now is to switch the value from DENY to SAMEORIGIN.

Test plan:
- modify a record in a batch (tools/batch_record_modification.pl)
- click on preview marc
=> With only the previous patch you will get a blank page.
=> With this patch applied, it will work as expected.

Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

commit dc03bca76cf5b7cb48d98d1ce245fc65b98be929
Author: Kyle M Hall <kyle at bywatersolutions.com>
Date: Mon Nov 2 12:11:17 2015 -0500

Bug 15111 - Koha is vulnerable to Cross-Frame Scripting (XFS) attacks

Web pages that can be embedded in frames are vulnerable to cross-frame
scripting attacks. Cross-frame scripting is a type of phishing attack
that involves instructions to an unsuspecting user to follow a specific
link to update confidential information in an online application.
Because the link leads to a legitimate page from the online application
that is embedded in a frame hosted by the attackers' server, the
attackers can capture all the information that the user enters.

https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet

Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de>
Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

-----------------------------------------------------------------------
Summary of changes:
C4/Output.pm | 11 ++++++-----
.../intranet-tmpl/prog/en/includes/doc-head-close.inc | 14 ++++++++++++++
.../intranet-tmpl/prog/en/modules/admin/localization.tt | 2 +-
.../intranet-tmpl/prog/en/modules/labels/label-print.tt | 2 +-
.../intranet-tmpl/prog/en/modules/patroncards/print.tt | 2 +-
.../opac-tmpl/bootstrap/en/includes/doc-head-close.inc | 14 ++++++++++++++
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-idref.tt | 2 +-
7 files changed, 38 insertions(+), 9 deletions(-)
hooks/post-receive
--
main Koha release repository
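
An added example, not part of the original email or of Koha's code: a simplified JavaScript model of how a browser evaluates X-Frame-Options, showing why DENY blanked the same-origin greybox preview while SAMEORIGIN keeps it working and still refuses a frame on another origin. The hostnames, the preview path and the function names are assumptions, and CSP frame-ancestors is not modelled.

```javascript
// Simplified model of the browser-side X-Frame-Options check, following the
// HTML Standard's algorithm. CSP frame-ancestors is deliberately left out.

// xfoValues: raw X-Frame-Options header values sent with the response
// pageUrl: URL of the response that is about to be rendered in a frame
// ancestorUrls: URLs of every document that would frame it, parent first
function framingAllowed(xfoValues, pageUrl, ancestorUrls) {
  if (ancestorUrls.length === 0) return true; // top-level load, not framed
  const policies = new Set(
    xfoValues
      .flatMap((v) => v.split(","))
      .map((v) => v.trim().toLowerCase())
      .filter((v) => v !== "")
  );
  if (policies.size === 0) return true; // no header: any site may frame it
  if (policies.size > 1) {
    // Conflicting known values fail closed; several unknown values are ignored.
    return !["deny", "sameorigin", "allowall"].some((p) => policies.has(p));
  }
  const [policy] = policies;
  if (policy === "deny") return false; // blocks even the site's own iframes
  if (policy === "sameorigin") {
    // Every ancestor, not only the direct parent, must share the page origin.
    const pageOrigin = new URL(pageUrl).origin;
    return ancestorUrls.every((a) => new URL(a).origin === pageOrigin);
  }
  return true; // a single unknown value (e.g. a typo) gives no protection
}

// Constructed sample values; only the tools/ path comes from the test plan.
const staff = "https://staff.library.example";
const batchPage = staff + "/tools/batch_record_modification.pl";
const preview = staff + "/preview-frame"; // hypothetical greybox target
const foreign = "https://other-site.example/page.html";

function scenarios() {
  return {
    denyOwnFrame: framingAllowed(["DENY"], preview, [batchPage]),
    sameOriginOwnFrame: framingAllowed(["SAMEORIGIN"], preview, [batchPage]),
    sameOriginForeignFrame: framingAllowed(["SAMEORIGIN"], preview, [foreign]),
    sameOriginNestedForeign: framingAllowed(["SAMEORIGIN"], preview, [batchPage, foreign]),
    noHeaderForeignFrame: framingAllowed([], preview, [foreign]),
  };
}
console.log(scenarios());
```
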