[koha-commits] main Koha release repository branch 3.22.x updated. v3.22.15-9-g23d3ca3
Git repo owner
gitmaster at git.koha-community.org
Mon Jan 30 16:28:57 CET 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, 3.22.x has been updated
via 23d3ca374fe2940ba016612f41310b539ce4e0c8 (commit)
via bb39ed102872924b091c74e5960893ff60e9c4a7 (commit)
via f985ef45bd083e2df66b689733abfaa456a91974 (commit)
via 599e5791b9fa26e7528e78bf7d4a6d3b5be47825 (commit)
via f97589ddd12cdfe0eda258ee4f30de7738b44952 (commit)
via 5af583c4e1587cd3d9417e9e4e5d46be055cd917 (commit)
from 8ba4026aab60f5dc92910ca8485bb05efcc47593 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 23d3ca374fe2940ba016612f41310b539ce4e0c8
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Thu Jan 19 11:46:21 2017 +0100
Bug 9569: Security patch for AutoLocation
If a patron is not allowed to access the staff interface because its IP
address in the authorised range of IPs, the cookie should not contain
the CGISESSID.
If it is, the patron is logged in and will be able to access the staff
interface if he reload the page (or hit another one).
Test plan:
Confirm the that AutoLocation feature is now working as expected.
Note: It seems that this feature has never really worked as intended.
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
(cherry picked from commit 93cc0956a923e94663ae74d1f435604844536571)
Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
commit bb39ed102872924b091c74e5960893ff60e9c4a7
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Thu Jan 19 10:00:40 2017 +0100
Bug 9569: Update warning message
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
(cherry picked from commit 7afddcb157a8d8e27cfdee3cdbeb0eae483aa24c)
Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
commit f985ef45bd083e2df66b689733abfaa456a91974
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Tue Aug 16 14:01:40 2016 +0100
Bug 9569: Do not check the IP for login at the OPAC
At the OPAC, the AutoLocation feature should not be taken into account:
login to the OPAC from outside the IP range should work
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
(cherry picked from commit af0af36bb9a520c31c31067b9b68fd565eef0e63)
Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
commit 599e5791b9fa26e7528e78bf7d4a6d3b5be47825
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Tue Aug 16 13:56:25 2016 +0100
Bug 9569: Remove unused occurrence of AutoLocation
`git grep ManualLocation` does not return any results
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
(cherry picked from commit 936b23e17a4b7d76d94be276ed1ceb9be8872299)
Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
commit f97589ddd12cdfe0eda258ee4f30de7738b44952
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Tue Aug 16 13:56:19 2016 +0100
Bug 9569: AutoLocation should not depend on IndependentBranches
Those 2 prefs can be independent and it does not make sense to consider
AutoLocation only if IndependentBranches is set.
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
(cherry picked from commit acabdc87c9a883e36def78dcff6fccb4980d35ab)
Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
commit 5af583c4e1587cd3d9417e9e4e5d46be055cd917
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Tue Aug 16 14:02:58 2016 +0100
Bug 9569: Fix AutoLocation - handle .* for subnets
The example in branches.tt is:
Can be entered as a single IP, or a subnet such as 192.168.1.*
But actually the regex in C4::Auth does not handle subnets.
Test plan:
0/ Apply all the patches
1/ Switch AutoLocation on
2/ Define a subnet (192.168.0.* if your ip is like 192.168.0.X) in the IP
range of your library
3/ Log in on the staff interface
=> Should work
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
(cherry picked from commit a8fdac38d8a1cf9e996195c5b04702d1d2eaa106)
Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
-----------------------------------------------------------------------
Summary of changes:
C4/Auth.pm | 8 ++++++-
circ/circulation.pl | 5 ----
koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt | 24 ++++++++++----------
.../prog/en/modules/circ/circulation-home.tt | 2 +-
4 files changed, 20 insertions(+), 19 deletions(-)
hooks/post-receive
--
main Koha release repository
More information about the koha-commits
mailing list