[koha-commits] main Koha release repository branch 17.05.x updated. v17.05.01-58-g50431a4

Git repo owner gitmaster at git.koha-community.org
Tue Jul 18 15:32:52 CEST 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 17.05.x has been updated
       via  50431a49849089fd1960accc26b934f29763cd99 (commit)
       via  9939c7f3bf961e5b7789f4d64e0fc074408b71b1 (commit)
       via  a64d14db20ac55fe4bcc8de06207c516d2237788 (commit)
      from  cffb4a26b3264137130d7a1a3c287d1f17c05b77 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 50431a49849089fd1960accc26b934f29763cd99
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Mon Jul 10 11:56:46 2017 -0300

    Bug 18854: Protect few other occurrences of offset
    
    Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
    (cherry picked from commit 9f47bd88252e201f9f06fd734dae154d9bc41543)
    Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com>

commit 9939c7f3bf961e5b7789f4d64e0fc074408b71b1
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Wed Jul 5 10:44:55 2017 -0300

    Bug 18854: Make sure offset will not be < 0 - protect from DoS
    
    There was a bug that meant a very large offset in the search params
    will cause the search script to run forever (or long enough to crash
    the machine)
    
    To test
    
    1/ Get ready with sudo top so you can kill the thread before it causes
    your machine to OOM
    2/ Hit a page like yourdomain.com/cgi-bin/koha/opac-search.pl?q=1&offset=-9999999999999999999
    3/ Notice the process runs for a long time
    4/ Kill the process
    5/ Apply the patch
    6/ Hit the page again, notice that it loads (offset is set to zero)
    7/ Do the same to search in the staff client
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
    
    Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
    (cherry picked from commit aabf001232fc46ee04cecb3a43fe8c0366a091df)
    Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com>

commit a64d14db20ac55fe4bcc8de06207c516d2237788
Author: Chris Cormack <chris at bigballofwax.co.nz>
Date:   Sun Jun 25 17:34:12 2017 +1200

    Bug 18854 - Protect from DOS
    
    There was a bug that meant a very large offset in the search params
    will cause the search script to run forever (or long enough to crash
    the machine)
    
    To test
    
    1/ Get ready with sudo top so you can kill the thread before it causes
    your machine to OOM
    2/ Hit a page like yourdomain.com/cgi-bin/koha/opac-search.pl?q=1&offset=-9999999999999999999
    3/ Notice the process runs for a long time
    4/ Kill the process
    5/ Apply the patch
    6/ Hit the page again, notice that it loads (offset is set to zero)
    7/ Do the same to search in the staff client
    
    Signed-off-by: Mirko Tietgen <mirko at abunchofthings.net>
    
    Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
    Amended: changed -2 to 0 in opac-search.pl.
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
    (cherry picked from commit 99b32717cd2596ce89a2d46b8cb4ddbba2dea5ad)
    Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com>

-----------------------------------------------------------------------

Summary of changes:
 C4/AuthoritiesMarc.pm                     |    2 +-
 C4/Search.pm                              |    1 +
 Koha/SearchEngine/Elasticsearch/Search.pm |    4 +++-
 admin/auth_subfields_structure.pl         |    3 ++-
 admin/auth_tag_structure.pl               |    3 ++-
 admin/marc_subfields_structure.pl         |    3 ++-
 catalogue/search.pl                       |    1 +
 opac/opac-search.pl                       |    1 +
 8 files changed, 13 insertions(+), 5 deletions(-)


hooks/post-receive
-- 
main Koha release repository
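
The following is an added example, not part of this notification or of the Koha code base: a log check that flags requests to the two search scripts named above whose `offset` parameter is negative, non-numeric or implausibly large, which helps spot attempts against servers not yet patched for Bug 18854. The access-log format, the staff-client URL layout, the `MAX_OFFSET` ceiling and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Script names come from the changed-files list; the URL layout is assumed.
SEARCH_SCRIPTS = ("/opac-search.pl", "/catalogue/search.pl")
MAX_OFFSET = 100_000  # assumed ceiling; tune to the size of the catalogue
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify_offset(raw):
    """Return None for an acceptable offset, otherwise a short reason."""
    if not re.fullmatch(r"-?\d+", raw):
        return "non-numeric"
    value = int(raw)
    if value < 0:
        return "negative"
    if value > MAX_OFFSET:
        return "too-large"
    return None

def suspicious_requests(log_lines):
    """Yield (line_number, reason, raw_offset) for search hits with a bad offset."""
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith(SEARCH_SCRIPTS):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("offset", []):
            reason = classify_offset(raw)
            if reason:
                yield number, reason, raw

# Constructed sample lines (combined log format, documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Jul/2017:15:00:01 +0200] "GET /cgi-bin/koha/opac-search.pl?q=1&offset=20 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [18/Jul/2017:15:00:02 +0200] "GET /cgi-bin/koha/opac-search.pl?q=1&offset=-9999999999999999999 HTTP/1.1" 200 0',
    '192.0.2.12 - - [18/Jul/2017:15:00:03 +0200] "GET /cgi-bin/koha/catalogue/search.pl?q=a&offset=99999999999 HTTP/1.1" 200 0',
    '192.0.2.13 - - [18/Jul/2017:15:00:04 +0200] "GET /cgi-bin/koha/opac-detail.pl?offset=-1 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```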