[koha-commits] main Koha release repository branch master updated. v16.11.00-336-gcb4fa17

Git repo owner gitmaster at git.koha-community.org
Mon Jan 30 15:25:08 CET 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, master has been updated
       via  cb4fa17a2712d04590d218635913bfe794510615 (commit)
       via  45cffd874c62c7b090390c5fb3c955c31f524608 (commit)
      from  42460b871472d2a408bc38a747fd375062af4d7e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit cb4fa17a2712d04590d218635913bfe794510615
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Fri Jan 13 17:07:34 2017 +0100

    Bug 17901: Force context to scalar
    
    See bug 15809 for more references.
    
    Signed-off-by: Mirko Tietgen <mirko at abunchofthings.net>
    
    Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

commit 45cffd874c62c7b090390c5fb3c955c31f524608
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Fri Jan 13 17:03:41 2017 +0100

    Bug 17901: Fix possible SQL injection in shelf editing
    
    It has been reported that
    /cgi-bin/koha/opac-shelves.pl?op=edit&referer=view&shelfnumber=146&owner=4&shelfname=testX&sortfield=titleaaaaaa\`&category=1
    
    could lead to SQL injection.
    Actually it explodes because the generated SQL query is not correctly formatted.
    
    However it would be good to limit the possible values for sortfield.
    
    This vulnerability has been reported by MDSec.
    
    Signed-off-by: Mirko Tietgen <mirko at abunchofthings.net>
    
    Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
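
The fix described in the commit above restricts sortfield to a known set of column names, because an ORDER BY column cannot be passed as a bind parameter. The following is an added example, not Koha's own code: it contrasts the vulnerable interpolation with an allowlist check. The column names in %ALLOWED_SORTFIELD and the default of 'title' are assumptions, not taken from the Koha schema.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed allowlist of sortable columns for a virtual shelf (not Koha's real list).
my %ALLOWED_SORTFIELD = map { $_ => 1 } qw(title author copyrightdate itemcallnumber dateadded);

# Vulnerable pattern: the request parameter is placed verbatim into the SQL text.
# A value such as "titleaaaaaa`" yields a malformed statement, and any value the
# client controls reaches the database unfiltered.
sub build_order_by_unsafe {
    my ($sortfield) = @_;
    return "ORDER BY $sortfield";
}

# Hardened pattern: only a name found in the allowlist is ever interpolated;
# anything else (including a missing parameter) falls back to the default column.
sub validated_sortfield {
    my ($sortfield) = @_;
    return 'title' unless defined $sortfield && $ALLOWED_SORTFIELD{$sortfield};
    return $sortfield;
}

sub build_order_by_safe {
    my ($sortfield) = @_;
    return sprintf 'ORDER BY %s', validated_sortfield($sortfield);
}

# Constructed sample inputs, including the backtick value from the report above.
for my $input ( 'title', 'dateadded', 'titleaaaaaa`', undef ) {
    my $shown = defined $input ? $input : '<undef>';
    printf "%-14s unsafe: %-24s safe: %s\n",
        $shown, build_order_by_unsafe( $input // '' ), build_order_by_safe($input);
}
```

Only the validated value is concatenated into the statement, so a request with an unexpected sortfield can no longer alter or break the generated query.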

-----------------------------------------------------------------------

Summary of changes:
 opac/opac-shelves.pl      |   16 +++++++++-------
 virtualshelves/shelves.pl |    5 ++++-
 2 files changed, 13 insertions(+), 8 deletions(-)


hooks/post-receive
-- 
main Koha release repository

