[koha-commits] main Koha release repository branch 16.11.x updated. v16.11.06-5-ge2f8603
Git repo owner
gitmaster at git.koha-community.org
Sun Apr 2 18:31:36 CEST 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, 16.11.x has been updated
via e2f860386dd811b2be3b2988b690c2d28d748336 (commit)
via c69868de49c21d567e0f5824b8ea8526a0e81d74 (commit)
via bead88a8bce3dab2bbf6809a47a008167be016b0 (commit)
via 7da5ac1bbb955e88dbaeab37332e2196c8b81c6d (commit)
via 07e2f4fedc68c38d6498c61015484d9a36b85f56 (commit)
from e94bf3f00f5b3e17dd01b6581093dfe1faa87aee (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e2f860386dd811b2be3b2988b690c2d28d748336
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Tue Feb 14 14:39:48 2017 +0000
Bug 18058: Allow borrower_message_preferences to be truncated
borrower_message_preferences cannot be truncated because of the foreign.
DBMS fails with
"Cannot truncate a table referenced in a foreign key constraint"
To avoid that we should remove the FK check and truncate the other table
as well.
I am wondering if we really need a truncate here
DELETE FROM borrower_message_preferences;
should do the job, but leave it as it because of the param name.
Test plan
perl misc/maintenance/borrowers-force-messaging-defaults --doit --truncate
Should no longer raise the error message
Signed-off-by: Mark Tompsett <mtompset at hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
(cherry picked from commit dd88c8f710e4915dac6437355c356f0632b776fb)
Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de>
commit c69868de49c21d567e0f5824b8ea8526a0e81d74
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Wed Feb 15 17:14:13 2017 +0100
Bug 18124: Change the calls to generate and check CSRF tokens
The parameter change in Koha::Token should be applied to the calling
scripts.
Test plan:
Confirm that the different forms of the scripts modified by this patch
still work correctly.
Test the problematic behavior:
Open 2 tabs with in same user's session, go on the edit patron page
(memberentry.pl).
Log out and log in from the other tab.
Submit the form
=> Wrong CSRF token should be raised
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
(cherry picked from commit 574d48362d32c14920712ae35bdd28101785315c)
Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de>
commit bead88a8bce3dab2bbf6809a47a008167be016b0
Author: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Date: Thu Feb 16 11:59:12 2017 +0100
Bug 18124: [Follow-up] Handle default parameters in a sub
Adds a internal routine to handle default values for the parameters
id and secret.
Also adds a parameter session_id for generate_csrf and check_csrf. This
session parameter is combined with the id parameter when generating or
checking a token.
Test plan:
Run t/Token.t
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
(cherry picked from commit 7190593d9dd38001c2d101bcad5cddc222a45ebe)
Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de>
commit 7da5ac1bbb955e88dbaeab37332e2196c8b81c6d
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Wed Feb 15 17:14:13 2017 +0100
Bug 18124: Restrict CSRF token to user's session
Currently the CSRF token generated is based on the borrowernumber, and
is valid across user's session.
We need to restrict the CSRF token to the current session.
With this patch the CSRF token is generated concatenating the id
(borrowernumber) and the CGISESSID cookie.
Test plan:
Run t/Token.t
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
(cherry picked from commit 3562816dd1b8855c7973ce5650ff834407c1a548)
Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de>
commit 07e2f4fedc68c38d6498c61015484d9a36b85f56
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Tue Mar 21 10:52:42 2017 -0300
Bug 18312: Fix export unless a file is supplied
Bug 18087 breaks export unless a file is supplied.
Can't use an undefined value as a HASH reference at
/home/vagrant/kohaclone/tools/export.pl line 75.
Test plan:
Export records using a file of id that is not a valid file (not txt or
csv)
Export records using a valid file
Export records without supplying a file
=> The export should work or fail as expected.
Signed-off-by: Jesse Maseto <jesse at bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
(cherry picked from commit 8dad1582c100017f8ad3e331c9a9b9cc9ed4e4d6)
Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de>
-----------------------------------------------------------------------
Summary of changes:
Koha/Token.pm | 35 ++++++++++++---
basket/sendbasket.pl | 10 +----
members/deletemem.pl | 13 ++----
members/member-flags.pl | 11 +----
members/member-password.pl | 11 +----
members/memberentry.pl | 13 ++----
members/moremember.pl | 7 +--
.../maintenance/borrowers-force-messaging-defaults | 6 ++-
opac/opac-memberentry.pl | 15 +++----
opac/opac-sendbasket.pl | 11 ++---
t/Token.t | 47 +++++++++++++++++---
tools/export.pl | 12 ++---
tools/import_borrowers.pl | 9 +---
tools/picture-upload.pl | 11 ++---
14 files changed, 108 insertions(+), 103 deletions(-)
hooks/post-receive
--
main Koha release repository
More information about the koha-commits
mailing list