[koha-commits] main Koha release repository branch 3.22.x updated. v3.22.15-13-g392b655
Git repo owner
gitmaster at git.koha-community.org
Mon Jan 30 16:36:21 CET 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, 3.22.x has been updated
via 392b65534d5bac0da6882eb9bbf8aa3829d0ee2a (commit)
via 5b03c19c124cae4312e1d7aa3b8fd979927b606d (commit)
from 72d905d8dc0547c0ecff34b99eacaf43ea37c4c9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 392b65534d5bac0da6882eb9bbf8aa3829d0ee2a
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Fri Jan 13 17:07:34 2017 +0100
Bug 17901: Force context to scalar
See bug 15809 for more references.
Signed-off-by: Mirko Tietgen <mirko at abunchofthings.net>
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
(cherry picked from commit cb4fa17a2712d04590d218635913bfe794510615)
Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
commit 5b03c19c124cae4312e1d7aa3b8fd979927b606d
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Fri Jan 13 17:03:41 2017 +0100
Bug 17901: Fix possible SQL injection in shelf editing
It has been reported that
/cgi-bin/koha/opac-shelves.pl?op=edit&referer=view&shelfnumber=146&owner=4&shelfname=testX&sortfield=titleaaaaaa\`&category=1
Could lead to SQL injection
Actually it explodes because the generated SQL query is not correctly formatted.
However it would be good to limit the possible values for sortfield.
This vulnerability has been reported by MDSec.
Signed-off-by: Mirko Tietgen <mirko at abunchofthings.net>
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
(cherry picked from commit 45cffd874c62c7b090390c5fb3c955c31f524608)
Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
-----------------------------------------------------------------------
Summary of changes:
opac/opac-shelves.pl | 16 +++++++++-------
virtualshelves/shelves.pl | 5 ++++-
2 files changed, 13 insertions(+), 8 deletions(-)
hooks/post-receive
--
main Koha release repository
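The two changes described in the commit messages above (limiting the possible values for sortfield, and forcing scalar context on request parameters) can be illustrated as follows. This is an added example, not Koha's code: the `param` stand-in, the allow-list entries, the `shelf_contents` table name and the sample requests are all constructed assumptions.

```perl
use strict;
use warnings;

# Constructed allow-list: request value => SQL column. These names are
# assumptions for illustration, not Koha's actual list.
my %SORT_COLUMNS = (
    title         => 'title',
    author        => 'author',
    copyrightdate => 'copyrightdate',
);
my $DEFAULT_SORT = 'title';

# Hypothetical stand-in for CGI->param: like CGI.pm, it returns every
# value of a repeated parameter when called in list context.
sub param {
    my ( $query, $name ) = @_;
    my @values = @{ $query->{$name} // [] };
    return wantarray ? @values : $values[0];
}

# Map untrusted input to a known column; anything else gets the default.
sub safe_sortfield {
    my ($input) = @_;
    return $DEFAULT_SORT unless defined $input;
    return $SORT_COLUMNS{$input} // $DEFAULT_SORT;
}

sub shelf_query {
    my ($query) = @_;
    # scalar() forces a single value, so a repeated parameter cannot
    # spill extra elements into an argument list or hash constructor.
    my $sortfield   = safe_sortfield( scalar param( $query, 'sortfield' ) );
    my $shelfnumber = scalar param( $query, 'shelfnumber' );
    # The column name comes only from the allow-list; the value is bound.
    my $sql = "SELECT * FROM shelf_contents WHERE shelfnumber = ? ORDER BY $sortfield";
    return ( $sql, $shelfnumber );
}

# Constructed requests: a valid sort, the malformed value from the
# report, and a request that repeats its parameters.
for my $request (
    { sortfield => ['author'],       shelfnumber => [146] },
    { sortfield => ['titleaaaaaa`'], shelfnumber => [146] },
    { sortfield => [ 'author', 'x' ], shelfnumber => [ 146, 999 ] },
) {
    my ( $sql, @bind ) = shelf_query($request);
    print "$sql  [bind: @bind]\n";
}
```

The malformed value falls back to the default column instead of reaching the ORDER BY clause, and the repeated parameters contribute only their first value.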