[koha-commits] main Koha release repository branch 19.11.x updated. v19.11.03-86-g6ef4c45b84

Git repo owner gitmaster at git.koha-community.org
Tue Mar 24 01:19:29 CET 2020 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 19.11.x has been updated
       via  6ef4c45b845b67326e1b115f3c13986135c96222 (commit)
       via  656e7814b34d07534fa3a044f9cc7a8f4f4feea6 (commit)
      from  95e24ed2dcda660079111fd45a2cd31e3e481b86 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6ef4c45b845b67326e1b115f3c13986135c96222
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Tue Mar 17 11:37:12 2020 +0100

    Bug 24878: Add auth check for copy-holidays
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    
    Signed-off-by: Joy Nelson <joy at bywatersolutions.com>

commit 656e7814b34d07534fa3a044f9cc7a8f4f4feea6
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Mon Mar 16 16:26:48 2020 +0100

    Bug 24878: Add authentication checks to the calendar tool
    
    There is a security hole in 2 scripts that are used by the UI to edit
    holidays.
    
    To test:
    1) Go to Tools -> Calendar, for Centerville
       Check no holiday for 30/4/2020
    2) To add a new holiday without login execute
       a curl command with necessary parameters
    3) Reload page from 1), verify the new holiday
       edit and delete the holiday
    4) Apply the patch
    5) Do 2) again, this time you get a lengthy output,
       with the magic words:
    
       <title>Koha ›
           Log in to Koha
       </title>
    
    Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
    Only tested newHoliday but the fix is the same.
    No errors
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    
    Signed-off-by: Joy Nelson <joy at bywatersolutions.com>

-----------------------------------------------------------------------

Summary of changes:
 tools/copy-holidays.pl     | 2 ++
 tools/exceptionHolidays.pl | 3 +++
 tools/newHolidays.pl       | 2 ++
 3 files changed, 7 insertions(+)


hooks/post-receive
-- 
main Koha release repository

More information about the koha-commits mailing list