[koha-commits] main Koha release repository branch master updated. v16.11.00-345-g93cc095

Git repo owner gitmaster at git.koha-community.org
Mon Jan 30 15:29:45 CET 2017 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, master has been updated
       via  93cc0956a923e94663ae74d1f435604844536571 (commit)
       via  7afddcb157a8d8e27cfdee3cdbeb0eae483aa24c (commit)
       via  af0af36bb9a520c31c31067b9b68fd565eef0e63 (commit)
       via  936b23e17a4b7d76d94be276ed1ceb9be8872299 (commit)
       via  acabdc87c9a883e36def78dcff6fccb4980d35ab (commit)
       via  a8fdac38d8a1cf9e996195c5b04702d1d2eaa106 (commit)
      from  0c3c162f767f5587f5fad7375151f8efca3689b3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 93cc0956a923e94663ae74d1f435604844536571
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Thu Jan 19 11:46:21 2017 +0100

    Bug 9569: Security patch for AutoLocation
    
    If a patron is not allowed to access the staff interface because its IP
    address in the authorised range of IPs, the cookie should not contain
    the CGISESSID.
    If it is, the patron is logged in and will be able to access the staff
    interface if he reload the page (or hit another one).
    
    Test plan:
    Confirm the that AutoLocation feature is now working as expected.
    
    Note: It seems that this feature has never really worked as intended.
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

commit 7afddcb157a8d8e27cfdee3cdbeb0eae483aa24c
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Thu Jan 19 10:00:40 2017 +0100

    Bug 9569: Update warning message
    
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

commit af0af36bb9a520c31c31067b9b68fd565eef0e63
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Tue Aug 16 14:01:40 2016 +0100

    Bug 9569: Do not check the IP for login at the OPAC
    
    At the OPAC, the AutoLocation feature should not be taken into account:
    login to the OPAC from outside the IP range should work
    
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

commit 936b23e17a4b7d76d94be276ed1ceb9be8872299
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Tue Aug 16 13:56:25 2016 +0100

    Bug 9569: Remove unused occurrence of AutoLocation
    
    `git grep ManualLocation` does not return any results
    
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

commit acabdc87c9a883e36def78dcff6fccb4980d35ab
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Tue Aug 16 13:56:19 2016 +0100

    Bug 9569: AutoLocation should not depend on IndependentBranches
    
    Those 2 prefs can be independent and it does not make sense to consider
    AutoLocation only if IndependentBranches is set.
    
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

commit a8fdac38d8a1cf9e996195c5b04702d1d2eaa106
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Tue Aug 16 14:02:58 2016 +0100

    Bug 9569: Fix AutoLocation - handle .* for subnets
    
    The example in branches.tt is:
      Can be entered as a single IP, or a subnet such as 192.168.1.*
    
    But actually the regex in C4::Auth does not handle subnets.
    
    Test plan:
    0/ Apply all the patches
    1/ Switch AutoLocation on
    2/ Define a subnet (192.168.0.* if your ip is like 192.168.0.X) in the IP
    range of your library
    3/ Log in on the staff interface
    => Should work
    
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

-----------------------------------------------------------------------

Summary of changes:
 C4/Auth.pm                                         |    8 ++++++-
 circ/circulation.pl                                |    5 ----
 koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt    |   24 ++++++++++----------
 .../prog/en/modules/circ/circulation-home.tt       |    2 +-
 4 files changed, 20 insertions(+), 19 deletions(-)


hooks/post-receive
-- 
main Koha release repository

More information about the koha-commits mailing list