[koha-commits] main Koha release repository branch master updated. v18.05.00-388-gc6b50f0

Git repo owner gitmaster at git.koha-community.org
Thu Aug 2 15:35:36 CEST 2018 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, master has been updated
       via  c6b50f0bac092779f93033c8a3f002cb8722d7d4 (commit)
       via  552873f7d466abee6919414b8d2f5e6c99f9a44f (commit)
       via  10720d2a5c50b82d565cab9ad70c8498164d81b2 (commit)
      from  6e0548cc1a7a924731bd414fec2f7917f044040a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c6b50f0bac092779f93033c8a3f002cb8722d7d4
Author: David Cook <dcook at prosentient.com.au>
Date:   Tue Jul 3 19:04:50 2018 +1000

    Bug 21031: Apache Rewrite rules don't work for API when using anything but Debian package Plack configuration
    
    The Rewrite rules for Apache don't work unless you're using
    debian/templates/apache-shared-opac-plack.conf or
    debian/templates/apache-shared-intranet-plack.conf.
    
    This patch fixes the Rewrite rules for the non-Plack Debian
    Apache configuration templates as well as the standard
    Apache configuration file that comes with Koha.
    
    __BEFORE APPLYING__
    1. Visit /api/v1/app.pl/api/v1/spec on your git dev install
    2. This should display a large page of JSON
    3. Visit /api/v1/spec on your git dev install
    4. This should generate a 404 error
    
    __APPLY PATCH__
    
    __AFTER APPLYING__
    5. Visit /api/v1/app.pl/api/v1/spec on your git dev install
    6. This should display a large page of JSON
    7. Visit /api/v1/spec on your git dev install
    8. This should display a large page of JSON (identical to
    the one from earlier steps)
    
    Signed-off-by: Ere Maijala <ere.maijala at helsinki.fi>
    
    Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
    Passed QA with few notes posted separately to Bugzilla.
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>

commit 552873f7d466abee6919414b8d2f5e6c99f9a44f
Author: Andrew Isherwood <andrew.isherwood at ptfs-europe.com>
Date:   Tue May 15 16:00:02 2018 +0100

    Bug 20770: ILL loans OPAC form notes field allow arbitrary input
    
    This patch addresses the lack of sanitization of the "notes" field on
    the OPAC "View Interlibrary loan request" page.
    
    To test:
    
    - Apply the patch
    - As an OPAC user, create an ILL request
    - Navigate to the request's "View Interlibrary loan request" page
    - Add the following note:
    
      Hello
      <h1>TESTING</h1>
      <script>alert('pwned');</script>
    
    - Click "Submit modifications"
    - TEST: Observe, when the page reloads, only the following is preserved in the
    "Notes" textarea:
    
        Hello
        TESTING
    
    - As a staff user, naviate to the ILL requests table
    - Select "Manage request" for the request you created
    - TEST: Observe that the Notes field only contains:
    
        Hello
        TESTING
    
    - TEST: Observe that no Javascript alert is displayed
    
    Signed-off-by: Mark Tompsett <mtompset at hotmail.com>
    
    Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>

commit 10720d2a5c50b82d565cab9ad70c8498164d81b2
Author: Liz Rea <liz at catalyst.net.nz>
Date:   Thu Jul 26 16:26:15 2018 +1200

    Bug 21122: Fix check-url-quick when utf8 characters in URL's
    
    To test:
    
    Make a record with a URL that has a UTF8 character, such as:
    http://some.nonexistent.tld/MāoriWomenAotearoa.pdf
    Run the check-url-quick.pl job, notice it dies at that URL
    Apply this patch
    Test again, it should work.
    
    Signed-off-by: Owen Leonard <oleonard at myacpl.org>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>

-----------------------------------------------------------------------

Summary of changes:
 debian/templates/apache-shared-intranet.conf              |    6 ++----
 debian/templates/apache-shared-opac.conf                  |    6 ++----
 etc/koha-httpd.conf                                       |   13 +++++--------
 koha-tmpl/intranet-tmpl/prog/css/staff-global.css         |    4 ++++
 .../intranet-tmpl/prog/en/modules/ill/ill-requests.tt     |    4 ++--
 .../opac-tmpl/bootstrap/en/modules/opac-illrequests.tt    |    4 ++--
 misc/cronjobs/check-url-quick.pl                          |    2 ++
 7 files changed, 19 insertions(+), 20 deletions(-)


hooks/post-receive
-- 
main Koha release repository

More information about the koha-commits mailing list