[koha-commits] main Koha release repository branch 19.05.x updated. v19.05.08-59-g3836fe5754
Git repo owner
gitmaster at git.koha-community.org
Tue Mar 24 22:14:19 CET 2020
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, 19.05.x has been updated
via 3836fe5754f6852239cdb53bfd50ea268e7465e0 (commit)
via 96f6c110ed682aaa323e6094e9bfd19fde3b82db (commit)
from dce4df939c330b8a61eb67cf7d40a3177457a58c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3836fe5754f6852239cdb53bfd50ea268e7465e0
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Tue Mar 17 11:37:12 2020 +0100
Bug 24878: Add auth check for copy-holidays
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Joy Nelson <joy at bywatersolutions.com>
(cherry picked from commit 6ef4c45b845b67326e1b115f3c13986135c96222)
Signed-off-by: Lucas Gass <lucas at bywatersolutions.com>
commit 96f6c110ed682aaa323e6094e9bfd19fde3b82db
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Mon Mar 16 16:26:48 2020 +0100
Bug 24878: Add authentication checks to the calendar tool
There is a security hole in 2 scripts that are used by the UI to edit
holidays.
To test:
1) Go to Tools -> Calendar, for Centerville
Check no holiday for 30/4/2020
2) To add a new holiday without login execute
a curl command with necessary parameters
3) Reload page from 1), verify the new holiday
edit and delete the holiday
4) Apply the patch
5) Do 2) again, this time you get a lengthy output,
with the magic words:
<title>Koha ›
Log in to Koha
</title>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Only tested newHoliday but the fix is the same.
No errors
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Joy Nelson <joy at bywatersolutions.com>
(cherry picked from commit 656e7814b34d07534fa3a044f9cc7a8f4f4feea6)
Signed-off-by: Lucas Gass <lucas at bywatersolutions.com>
-----------------------------------------------------------------------
Summary of changes:
tools/copy-holidays.pl | 2 ++
tools/exceptionHolidays.pl | 3 +++
tools/newHolidays.pl | 2 ++
3 files changed, 7 insertions(+)
hooks/post-receive
--
main Koha release repository
More information about the koha-commits
mailing list