[koha-commits] main Koha release repository branch master updated. v16.11.00-345-g93cc095
Git repo owner
gitmaster at git.koha-community.org
Mon Jan 30 15:29:45 CET 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, master has been updated
via 93cc0956a923e94663ae74d1f435604844536571 (commit)
via 7afddcb157a8d8e27cfdee3cdbeb0eae483aa24c (commit)
via af0af36bb9a520c31c31067b9b68fd565eef0e63 (commit)
via 936b23e17a4b7d76d94be276ed1ceb9be8872299 (commit)
via acabdc87c9a883e36def78dcff6fccb4980d35ab (commit)
via a8fdac38d8a1cf9e996195c5b04702d1d2eaa106 (commit)
from 0c3c162f767f5587f5fad7375151f8efca3689b3 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 93cc0956a923e94663ae74d1f435604844536571
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Thu Jan 19 11:46:21 2017 +0100
Bug 9569: Security patch for AutoLocation
If a patron is not allowed to access the staff interface because its IP
address in the authorised range of IPs, the cookie should not contain
the CGISESSID.
If it is, the patron is logged in and will be able to access the staff
interface if he reload the page (or hit another one).
Test plan:
Confirm the that AutoLocation feature is now working as expected.
Note: It seems that this feature has never really worked as intended.
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
commit 7afddcb157a8d8e27cfdee3cdbeb0eae483aa24c
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Thu Jan 19 10:00:40 2017 +0100
Bug 9569: Update warning message
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
commit af0af36bb9a520c31c31067b9b68fd565eef0e63
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Tue Aug 16 14:01:40 2016 +0100
Bug 9569: Do not check the IP for login at the OPAC
At the OPAC, the AutoLocation feature should not be taken into account:
login to the OPAC from outside the IP range should work
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
commit 936b23e17a4b7d76d94be276ed1ceb9be8872299
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Tue Aug 16 13:56:25 2016 +0100
Bug 9569: Remove unused occurrence of AutoLocation
`git grep ManualLocation` does not return any results
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
commit acabdc87c9a883e36def78dcff6fccb4980d35ab
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Tue Aug 16 13:56:19 2016 +0100
Bug 9569: AutoLocation should not depend on IndependentBranches
Those 2 prefs can be independent and it does not make sense to consider
AutoLocation only if IndependentBranches is set.
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
commit a8fdac38d8a1cf9e996195c5b04702d1d2eaa106
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Tue Aug 16 14:02:58 2016 +0100
Bug 9569: Fix AutoLocation - handle .* for subnets
The example in branches.tt is:
Can be entered as a single IP, or a subnet such as 192.168.1.*
But actually the regex in C4::Auth does not handle subnets.
Test plan:
0/ Apply all the patches
1/ Switch AutoLocation on
2/ Define a subnet (192.168.0.* if your ip is like 192.168.0.X) in the IP
range of your library
3/ Log in on the staff interface
=> Should work
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
-----------------------------------------------------------------------
Summary of changes:
C4/Auth.pm | 8 ++++++-
circ/circulation.pl | 5 ----
koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt | 24 ++++++++++----------
.../prog/en/modules/circ/circulation-home.tt | 2 +-
4 files changed, 20 insertions(+), 19 deletions(-)
hooks/post-receive
--
main Koha release repository
More information about the koha-commits
mailing list