[koha-commits] main Koha release repository branch 3.22.x updated. v3.22.15-13-g392b655

Git repo owner gitmaster at git.koha-community.org
Mon Jan 30 16:36:21 CET 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 3.22.x has been updated
       via  392b65534d5bac0da6882eb9bbf8aa3829d0ee2a (commit)
       via  5b03c19c124cae4312e1d7aa3b8fd979927b606d (commit)
      from  72d905d8dc0547c0ecff34b99eacaf43ea37c4c9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 392b65534d5bac0da6882eb9bbf8aa3829d0ee2a
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Fri Jan 13 17:07:34 2017 +0100

    Bug 17901: Force context to scalar
    
    See bug 15809 for more references.
    
    Signed-off-by: Mirko Tietgen <mirko at abunchofthings.net>
    
    Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    (cherry picked from commit cb4fa17a2712d04590d218635913bfe794510615)
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>

commit 5b03c19c124cae4312e1d7aa3b8fd979927b606d
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Fri Jan 13 17:03:41 2017 +0100

    Bug 17901: Fix possible SQL injection in shelf editing
    
    It has been reported that
    /cgi-bin/koha/opac-shelves.pl?op=edit&referer=view&shelfnumber=146&owner=4&shelfname=testX&sortfield=titleaaaaaa\`&category=1
    
    Could lead to SQL injection
    Actually it explodes because the generated SQL query is not correctly formatted.
    
    However it would be good to limit the possible values for sortfield.
    
    This vulnerability has been reported by MDSec.
    
    Signed-off-by: Mirko Tietgen <mirko at abunchofthings.net>
    
    Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    (cherry picked from commit 45cffd874c62c7b090390c5fb3c955c31f524608)
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>

-----------------------------------------------------------------------

Summary of changes:
 opac/opac-shelves.pl      |   16 +++++++++-------
 virtualshelves/shelves.pl |    5 ++++-
 2 files changed, 13 insertions(+), 8 deletions(-)
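The second commit above notes that the fix is to limit the possible values for sortfield, since a column name in ORDER BY cannot be passed as a bind parameter. The following is an added example, not Koha's own code from this change: it maps the request value to a fixed allowlist (the column names are assumed for illustration, not Koha's actual schema) and falls back to a default for anything else, so the raw parameter never reaches the query string.

```perl
#!/usr/bin/perl
# Added example (not Koha's code): allowlist a user-supplied sort field
# before it is interpolated into an ORDER BY clause. Column identifiers
# cannot be bound with placeholders, so the only safe option is to accept
# a known value verbatim and replace anything else with a default.
use strict;
use warnings;

# Hypothetical column allowlist for a virtual shelf listing; the real Koha
# column set may differ.
my %ALLOWED_SORTFIELD = map { $_ => 1 }
    qw( title author copyrightdate itemcallnumber dateadded );
my $DEFAULT_SORTFIELD = 'title';

# Return a sort column that is guaranteed to come from the allowlist.
sub sanitize_sortfield {
    my ($requested) = @_;
    return $DEFAULT_SORTFIELD unless defined $requested;
    return $ALLOWED_SORTFIELD{$requested} ? $requested : $DEFAULT_SORTFIELD;
}

# Build the ORDER BY fragment from the sanitized value only; the request
# parameter itself is never concatenated into SQL.
sub order_by_clause {
    my ($requested) = @_;
    my $column = sanitize_sortfield($requested);
    return "ORDER BY $column";
}

# Constructed inputs: a valid column, the malformed value quoted in the
# report above, and a missing parameter.
for my $input ( 'author', 'titleaaaaaa`', undef ) {
    my $shown = defined $input ? $input : '<undef>';
    printf "%-14s -> %s\n", $shown, order_by_clause($input);
}
```

Only the `author` input survives unchanged; the other two produce `ORDER BY title`, so a malformed value can no longer break the generated query.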


hooks/post-receive
-- 
main Koha release repository