[koha-commits] main Koha release repository branch 19.05.x updated. v19.05.08-59-g3836fe5754

Git repo owner gitmaster at git.koha-community.org
Tue Mar 24 22:14:19 CET 2020 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 19.05.x has been updated
       via  3836fe5754f6852239cdb53bfd50ea268e7465e0 (commit)
       via  96f6c110ed682aaa323e6094e9bfd19fde3b82db (commit)
      from  dce4df939c330b8a61eb67cf7d40a3177457a58c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3836fe5754f6852239cdb53bfd50ea268e7465e0
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Tue Mar 17 11:37:12 2020 +0100

    Bug 24878: Add auth check for copy-holidays
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    
    Signed-off-by: Joy Nelson <joy at bywatersolutions.com>
    (cherry picked from commit 6ef4c45b845b67326e1b115f3c13986135c96222)
    
    Signed-off-by: Lucas Gass <lucas at bywatersolutions.com>

commit 96f6c110ed682aaa323e6094e9bfd19fde3b82db
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Mon Mar 16 16:26:48 2020 +0100

    Bug 24878: Add authentication checks to the calendar tool
    
    There is a security hole in 2 scripts that are used by the UI to edit
    holidays.
    
    To test:
    1) Go to Tools -> Calendar, for Centerville
       Check no holiday for 30/4/2020
    2) To add a new holiday without login execute
       a curl command with necessary parameters
    3) Reload page from 1), verify the new holiday
       edit and delete the holiday
    4) Apply the patch
    5) Do 2) again, this time you get a lengthy output,
       with the magic words:
    
       <title>Koha ›
           Log in to Koha
       </title>
    
    Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
    Only tested newHoliday but the fix is the same.
    No errors
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    
    Signed-off-by: Joy Nelson <joy at bywatersolutions.com>
    (cherry picked from commit 656e7814b34d07534fa3a044f9cc7a8f4f4feea6)
    
    Signed-off-by: Lucas Gass <lucas at bywatersolutions.com>

-----------------------------------------------------------------------

Summary of changes:
 tools/copy-holidays.pl     | 2 ++
 tools/exceptionHolidays.pl | 3 +++
 tools/newHolidays.pl       | 2 ++
 3 files changed, 7 insertions(+)


hooks/post-receive
-- 
main Koha release repository

More information about the koha-commits mailing list