[koha-commits] main Koha release repository branch 18.05.x updated. v18.05.11-28-g147d67c

Git repo owner gitmaster at git.koha-community.org
Mon Apr 15 20:28:31 CEST 2019 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 18.05.x has been updated
       via  147d67cebfa6a67b0a783fda03be588d08910a7c (commit)
       via  96a700c3dd0d4008c6c0250ac24c8c0c2e8b9dee (commit)
      from  4250579e3f6a7c7e941376b31d48a854f0ad7c43 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 147d67cebfa6a67b0a783fda03be588d08910a7c
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Fri Apr 5 15:13:36 2019 -0300

    Bug 22068: (QA follow-up) Return meaningful error codes
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    (cherry picked from commit e98dacf9f1f8464f0db394da6bc1152f96713597)
    Signed-off-by: Martin Renvoize <martin.renvoize at ptfs-europe.com>
    (cherry picked from commit 912a97f8b49b89d03ed524bed2072db0a50c4527)
    
    Signed-off-by: Lucas Gass <lucas at bywatersolutions.com>

commit 96a700c3dd0d4008c6c0250ac24c8c0c2e8b9dee
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Thu Feb 14 17:03:17 2019 -0300

    Bug 22068: Prevent patrons to cancel article request they did not create
    
    opac-article-request-cancel.pl doesn't check that the article request to
    be cancelled actually belongs to the logged-in borrower. This results in
    any logged-in user being able to cancel any article request just by
    changing the id in the URL.
    
    Test plan:
    - Login with Patron P1, create an article request
    - Cancel it
    - Create another one
    - Copy the cancellation link (must be /cgi-bin/koha/opac-article-request-cancel.pl?id=X)
    - Login with Patron P2
    - Hit the cancellation link
    => Without this patch the article request is cancelled
    => With this patch applied there is a 404 redirection
    
    Note that the 404 will also appears when the article request id does not
    exist.
    
    Signed-off-by: Ere Maijala <ere.maijala at helsinki.fi>
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    (cherry picked from commit 0b931d5de3c4fe9fa2b4823d9b8727b28a46aa7c)
    Signed-off-by: Martin Renvoize <martin.renvoize at ptfs-europe.com>
    (cherry picked from commit dc32211a8ea12e67453e5af9edaac0a73b52e2de)
    
    Signed-off-by: Lucas Gass <lucas at bywatersolutions.com>

-----------------------------------------------------------------------

Summary of changes:
 opac/opac-article-request-cancel.pl |   13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
main Koha release repository

More information about the koha-commits mailing list