[koha-commits] main Koha release repository branch 18.11.x updated. v18.11.14-11-gf97f271fd2

Git repo owner gitmaster at git.koha-community.org
Tue Mar 24 02:50:15 CET 2020 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 18.11.x has been updated
       via  f97f271fd2a4e68c4ec02b940f521d648867efb5 (commit)
       via  54dfd0a0cd27bc83aa4e571ed793254fe16c3511 (commit)
      from  bfdc5866e812853f2142ef2ec1d134e605421881 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f97f271fd2a4e68c4ec02b940f521d648867efb5
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Tue Mar 17 11:37:12 2020 +0100

    Bug 24878: Add auth check for copy-holidays
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    
    Signed-off-by: Joy Nelson <joy at bywatersolutions.com>
    (cherry picked from commit 6ef4c45b845b67326e1b115f3c13986135c96222)
    
    Signed-off-by: Hayley Mapley <hayleymapley at catalyst.net.nz>

commit 54dfd0a0cd27bc83aa4e571ed793254fe16c3511
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Mon Mar 16 16:26:48 2020 +0100

    Bug 24878: Add authentication checks to the calendar tool
    
    There is a security hole in 2 scripts that are used by the UI to edit
    holidays.
    
    To test:
    1) Go to Tools -> Calendar, for Centerville
       Check no holiday for 30/4/2020
    2) To add a new holiday without login execute
       a curl command with necessary parameters
    3) Reload page from 1), verify the new holiday
       edit and delete the holiday
    4) Apply the patch
    5) Do 2) again, this time you get a lengthy output,
       with the magic words:
    
       <title>Koha ›
           Log in to Koha
       </title>
    
    Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
    Only tested newHoliday but the fix is the same.
    No errors
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    
    Signed-off-by: Joy Nelson <joy at bywatersolutions.com>
    (cherry picked from commit 656e7814b34d07534fa3a044f9cc7a8f4f4feea6)
    
    Signed-off-by: Hayley Mapley <hayleymapley at catalyst.net.nz>

-----------------------------------------------------------------------

Summary of changes:
 tools/copy-holidays.pl     | 2 ++
 tools/exceptionHolidays.pl | 3 +++
 tools/newHolidays.pl       | 2 ++
 3 files changed, 7 insertions(+)


hooks/post-receive
-- 
main Koha release repository

More information about the koha-commits mailing list