Merge remote-tracking branch 'security/22.11.x-security' into 22.11.x

This commit is contained in:
Frédéric Demians 2024-04-03 15:32:56 +02:00
commit 3d4016ef31
38 changed files with 994 additions and 196 deletions


@ -602,6 +602,28 @@ sub GetPreparedLetter {
return;
my $want_librarian = $params{want_librarian};
$letter->{content} = _process_tt(
{
content => $letter->{content},
lang => $lang,
loops => $loops,
objects => $objects,
substitute => $substitute,
tables => $tables,
}
);
$letter->{title} = _process_tt(
{
content => $letter->{title},
lang => $lang,
loops => $loops,
objects => $objects,
substitute => $substitute,
tables => $tables,
}
);
if (%$substitute) {
while ( my ($token, $val) = each %$substitute ) {
$val //= q{};
@ -672,28 +694,6 @@ sub GetPreparedLetter {
}
}
$letter->{content} = _process_tt(
{
content => $letter->{content},
lang => $lang,
loops => $loops,
objects => $objects,
substitute => $substitute,
tables => $tables,
}
);
$letter->{title} = _process_tt(
{
content => $letter->{title},
lang => $lang,
loops => $loops,
objects => $objects,
substitute => $substitute,
tables => $tables,
}
);
$letter->{content} =~ s/<<\S*>>//go; #remove any stragglers
return $letter;
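Review bot: The two `_process_tt` calls now placed right after `my $want_librarian = ...` carry no comment saying why they must run before the `<<token>>` substitution loop, and that ordering is the whole point of the change. With Template Toolkit rendered first, values later substituted for `<<tokens>>` are presumably never parsed as TT directives; a tidy-up that moves the calls back below the loop would silently undo that. I would add `# Render Template Toolkit first so values substituted for <<tokens>> are never evaluated as TT (bug 36244)` above the first call. The two argument hashes differ only in `content`, so a `for my $part (qw( content title ))` loop would also remove the duplication. GetPreparedLetter starts and ends outside these hunks.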


@ -29,7 +29,7 @@ use vars qw{ $VERSION };
# - #4 : the developer version. The 4th number is the database subversion.
# used by developers when the database changes. updatedatabase take care of the changes itself
# and is automatically called by Auth.pm when needed.
$VERSION = "22.11.15.000";
$VERSION = "22.11.16.000";
sub version {
return $VERSION;


@ -37,6 +37,13 @@ use C4::Output qw( output_with_http_headers );
use C4::Items qw( SearchItems );
my $input = CGI->new;
my ($auth_status) =
check_cookie_auth( $input->cookie('CGISESSID'), { catalogue => 1 } );
if ( $auth_status ne "ok" ) {
print $input->header( -type => 'text/plain', -status => '403 Forbidden' );
exit 0;
}
my @field = $input->multi_param('field[]');
my @value = $input->multi_param('value[]');
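Review bot: The guard added after `my $input = CGI->new;` requires only `{ catalogue => 1 }`, and the identical block is pasted into every other script this commit touches (cover image handler, framework plugin launcher, the value-builder plugins, both label exports), whatever each one does. If `catalogue` is the general staff-access flag, as it appears to be, each script would be better served by the narrowest flag its function needs, so that a minimal staff session cannot reach cataloguing or label endpoints. Since the seven lines are copied verbatim, a small shared helper that takes the flags hash would keep the copies from drifting apart. This hunk does not show a `use C4::Auth qw( check_cookie_auth );` line, unlike several later hunks, so confirm the import exists above the hunk.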


@ -33,6 +33,13 @@ use Koha::CoverImages;
$| = 1;
my $input = CGI->new;
my ($auth_status) =
check_cookie_auth( $input->cookie('CGISESSID'), { catalogue => 1 } );
if ( $auth_status ne "ok" ) {
print $input->header( -type => 'text/plain', -status => '403 Forbidden' );
exit 0;
}
my $imagenumber;
=head1 NAME


@ -19,10 +19,18 @@
use Modern::Perl;
use CGI qw ( -utf8 );
use C4::Auth qw( check_cookie_auth );
use Koha::FrameworkPlugin;
my $input = CGI->new;
my ($auth_status) =
check_cookie_auth( $input->cookie('CGISESSID'), { catalogue => 1 } );
if ( $auth_status ne "ok" ) {
print $input->header( -type => 'text/plain', -status => '403 Forbidden' );
exit 0;
}
my $plugin= Koha::FrameworkPlugin->new( {
name => scalar $input->param("plugin_name"),
});


@ -29,6 +29,16 @@ use Koha::DateUtils qw( dt_from_string );
use Algorithm::CheckDigits qw( CheckDigits );
use CGI qw ( -utf8 );
use C4::Auth qw( check_cookie_auth );
my $input = CGI->new;
my ($auth_status) =
check_cookie_auth( $input->cookie('CGISESSID'), { catalogue => 1 } );
if ( $auth_status ne "ok" ) {
print $input->header( -type => 'text/plain', -status => '403 Forbidden' );
exit 0;
}
my $builder = sub {
my ( $params ) = @_;
my $function_name = $params->{id};
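Review bot: The guard sits at file scope above `my $builder = sub {`, so it runs whenever this file is loaded, not only on a direct request, and nothing in the file says so. If these plugin files are also loaded by the cataloguing editor, which the `$builder` closure suggests, the `exit 0` path ends that parent request as well and a second `CGI->new` object is created next to the caller's. A one-line comment such as `# Runs at load time: refuses direct requests to this plugin file without a staff session` would record the intent; the same applies to the value-builder hunks that follow. The file continues outside the hunk.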


@ -27,6 +27,16 @@ use C4::Barcodes::ValueBuilder;
use C4::Biblio qw( GetMarcFromKohaField );
use Koha::DateUtils qw( dt_from_string );
use CGI qw ( -utf8 );
use C4::Auth qw( check_cookie_auth );
my $input = CGI->new;
my ($auth_status) =
check_cookie_auth( $input->cookie('CGISESSID'), { catalogue => 1 } );
if ( $auth_status ne "ok" ) {
print $input->header( -type => 'text/plain', -status => '403 Forbidden' );
exit 0;
}
my $builder = sub {
my ( $params ) = @_;
my $function_name = $params->{id};


@ -21,6 +21,16 @@
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use CGI qw ( -utf8 );
use C4::Auth qw( check_cookie_auth );
my $input = CGI->new;
my ($auth_status) =
check_cookie_auth( $input->cookie('CGISESSID'), { catalogue => 1 } );
if ( $auth_status ne "ok" ) {
print $input->header( -type => 'text/plain', -status => '403 Forbidden' );
exit 0;
}
my $builder = sub {
my ( $params ) = @_;
my $function_name = $params->{id};


@ -21,6 +21,16 @@
use Modern::Perl;
use CGI qw ( -utf8 );
use C4::Auth qw( check_cookie_auth );
my $input = CGI->new;
my ($auth_status) =
check_cookie_auth( $input->cookie('CGISESSID'), { catalogue => 1 } );
if ( $auth_status ne "ok" ) {
print $input->header( -type => 'text/plain', -status => '403 Forbidden' );
exit 0;
}
my $builder = sub {
my ( $params ) = @_;
my $function_name = $params->{id};


@ -20,7 +20,17 @@
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use C4::Context;
use CGI qw ( -utf8 );
use C4::Auth qw( check_cookie_auth );
my $input = CGI->new;
my ($auth_status) =
check_cookie_auth( $input->cookie('CGISESSID'), { catalogue => 1 } );
if ( $auth_status ne "ok" ) {
print $input->header( -type => 'text/plain', -status => '403 Forbidden' );
exit 0;
}
my $builder = sub {
my ( $params ) = @_;


@ -27,6 +27,16 @@ biblioitems.publishercode
use Modern::Perl;
use C4::Context;
use CGI qw ( -utf8 );
use C4::Auth qw( check_cookie_auth );
my $input = CGI->new;
my ($auth_status) =
check_cookie_auth( $input->cookie('CGISESSID'), { catalogue => 1 } );
if ( $auth_status ne "ok" ) {
print $input->header( -type => 'text/plain', -status => '403 Forbidden' );
exit 0;
}
my $builder = sub {
my ( $params ) = @_;
my $function_name = $params->{id};


@ -24,6 +24,15 @@ use Modern::Perl;
use C4::Context;
use Koha::Libraries;
use CGI qw ( -utf8 );
use C4::Auth qw( check_cookie_auth );
my $input = CGI->new;
my ($auth_status) =
check_cookie_auth( $input->cookie('CGISESSID'), { catalogue => 1 } );
if ( $auth_status ne "ok" ) {
print $input->header( -type => 'text/plain', -status => '403 Forbidden' );
exit 0;
}
my $builder = sub {
my ( $params ) = @_;


@ -21,6 +21,15 @@
use Modern::Perl;
use C4::Context;
use CGI qw ( -utf8 );
use C4::Auth qw( check_cookie_auth );
my $input = CGI->new;
my ($auth_status) =
check_cookie_auth( $input->cookie('CGISESSID'), { catalogue => 1 } );
if ( $auth_status ne "ok" ) {
print $input->header( -type => 'text/plain', -status => '403 Forbidden' );
exit 0;
}
my $builder = sub {
my ( $params ) = @_;


@ -30,6 +30,16 @@ use Modern::Perl;
# the possibility to delete the uploaded file. If the field is empty, you
# can upload a new file.
use CGI qw ( -utf8 );
use C4::Auth qw( check_cookie_auth );
my $input = CGI->new;
my ($auth_status) =
check_cookie_auth( $input->cookie('CGISESSID'), { catalogue => 1 } );
if ( $auth_status ne "ok" ) {
print $input->header( -type => 'text/plain', -status => '403 Forbidden' );
exit 0;
}
my $builder = sub {
my ( $params ) = @_;
return <<"SCRIPT";


@ -13,7 +13,7 @@ ScriptAlias /search "/usr/share/koha/intranet/cgi-bin/catalogue/search.pl"
# Protect dev package install
RewriteEngine on
RewriteRule ^/cgi-bin/koha/(C4|debian|etc|installer/data|install_misc|Koha|misc|selenium|t|test|tmp|xt)/|\.PL$ /notfound [PT]
RewriteRule ^/cgi-bin/koha/(C4|debian|docs|etc|installer/data|install_misc|Koha|misc|selenium|t|test|tmp|xt)/|\.PL$ /notfound [PT]
RewriteRule ^/bib/([^\/]*)/?$ /cgi-bin/koha/catalogue/detail.pl?biblionumber=$1 [PT]
RewriteRule ^/isbn/([^\/]*)/?$ /search?q=isbn:$1 [PT]
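Review bot: The rule that now includes `docs` is a hand-maintained denylist of top-level directories, so a directory added to the source tree later stays requestable on a dev-package install until someone lists it here. A comment above the rule, for example `# Keep in sync with the top-level directories of the source tree: anything not meant to be requested must be listed`, would record that obligation. If other web-server templates in the tree carry the same list, they need the same `docs` entry; none is visible in this section.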


@ -0,0 +1,27 @@
use Modern::Perl;
return {
bug_number => "36244",
description => "Template Toolkit syntax not escaped in letter templates",
up => sub {
my ($args) = @_;
my ( $dbh, $out ) = @$args{qw(dbh out)};
my $query = q{SELECT * FROM letter WHERE content LIKE "[|%%SET%<<%|%]" ESCAPE '|'};
my $sth = $dbh->prepare($query);
$sth->execute();
if ( $sth->rows ) {
say $out "You have one or more templates that have been affected by bug 36244.";
say $out "These templates assign template toolkit variables values";
say $out "using the double arrows syntax. E.g. [% SET name = '<<branches.branchname>>' %]";
say $out
"This will no longer function correctly as Template Toolkit is now rendered before the double arrow syntax.";
say $out "The following notices will need to be updated:";
while ( my $row = $sth->fetchrow_hashref() ) {
say $out
"ID: $row->{id} / MODULE: $row->{module} / CODE: $row->{code} / BRANCHCODE: $row->{branchcode} / NAME: $row->{name}";
}
}
},
};
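Review bot: The query inspects only `letter.content`, yet the same commit renders both `content` and `title` through Template Toolkit before `<<token>>` substitution, so a notice whose title uses `[% SET x = '<<...>>' %]` is not reported; appending `OR title LIKE "[|%%SET%<<%|%]" ESCAPE '|'` to the WHERE clause would cover it. The `if ( $sth->rows )` test relies on the driver knowing a SELECT's row count before any fetch, which DBI does not guarantee; fetching with `fetchall_arrayref({})` and testing the result is portable. The pattern also matches only `SET`, so other directives that embed `<<...>>` go unreported, which is worth stating in the printed message if that is intentional.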


@ -0,0 +1,7 @@
use Modern::Perl;
return {
bug_number => undef,
description => 'Koha 22.11.16 release',
up => sub { },
}


@ -1,27 +0,0 @@
#!/usr/bin/perl
# This Script can be used to provide a list of ALL external modules ***used*** (uncommented) in Koha.
# It provides you not only the list of modules BUT ALSO the files that uses those modules.
# utf8 or warnings or other lib use are not taken into account at the moment.
use Modern::Perl;
use C4::Context;
my $dir=C4::Context->config('intranetdir');
qx(grep -r "^ *use" $dir | grep -v "C4\|strict\|vars" >/tmp/modulesKoha.log);
$dir=C4::Context->config('opacdir');
qx(grep -r "^ *use" $dir | grep -v "C4\|strict\|vars" >>/tmp/modulesKoha.log);
open my $fh, '<', '/tmp/modulesKoha.log' ||die "unable to open file /tmp/modulesKoha.log";
my %modulehash;
while (my $line=<$fh>){
if ( $line=~m#(.*)\:\s*use\s+([A-Z][^\s;]+)# ){
my ($file,$module)=($1,$2);
my @filename = split /\//, $file;
push @{$modulehash{$module}},$filename[scalar(@filename) - 1];
}
}
print "external modules used in Koha ARE :\n";
map {print "* $_ \t in files ",join (",",@{$modulehash{$_}}),"\n" } sort keys %modulehash;
close $fh;
unlink "/tmp/modulesKoha.log";


@ -52,7 +52,7 @@
<ul>
<li><a href="/cgi-bin/koha/reports/itemslost.pl">Lost items</a></li>
<li><a href="/cgi-bin/koha/reports/orders_by_fund.pl">Orders by fund</a></li>
<li><a href="/cgi-bin/koha/reports/manager.pl?report_name=itemtypes">Catalog by item type</a></li>
<li><a href="/cgi-bin/koha/reports/catalog_by_itemtype.pl">Catalog by item type</a></li>
<li><a href="/cgi-bin/koha/reports/issues_avg_stats.pl">Average loan time</a></li>
</ul>
</div>


@ -219,7 +219,9 @@
<script>
$(document).ready( function() {
if ( document.location.hash ) {
$( '#loginform' ).append( '<input name="auth_forwarded_hash" type="hidden" value="' + document.location.hash + '"/>' );
const input = $('<input name="auth_forwarded_hash" type="hidden">')
input.val(document.location.hash);
$( '#loginform' ).append( input );
}
// Clear last borrowers, rememberd sql reports, carts, etc.
logOut();
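Review bot: The new `const input = $('<input name="auth_forwarded_hash" type="hidden">')` line has no terminating semicolon and relies on automatic semicolon insertion, unlike the two lines after it. Setting the value with `.val()` is what keeps `document.location.hash` out of the HTML parser, and a short comment such as `// set via .val(): the hash comes from the URL and must not be concatenated into markup` would stop it being simplified back to string building. The value is still submitted to the server as `auth_forwarded_hash`, so whatever consumes it there should treat it as untrusted; that code is not in this hunk. The `ready` callback continues outside the hunk.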


@ -22,7 +22,7 @@
[% END %]
[% IF ( do_it ) %]
[% WRAPPER breadcrumb_item %]
<a href="/cgi-bin/koha/reports/manager.pl?report_name=itemtypes">Catalog by item type</a>
<a href="/cgi-bin/koha/reports/catalog_by_itemtype.pl">Catalog by item type</a>
[% END %]
[% WRAPPER breadcrumb_item bc_active= 1 %]
<span>Results</span>
@ -69,7 +69,7 @@
[% END %]
[% ELSE %]
<h1>View a count of items held at your library grouped by item type</h1>
<form method="post" action="/cgi-bin/koha/reports/manager.pl?report_name=itemtypes">
<form method="post" action="/cgi-bin/koha/reports/catalog_by_itemtype.pl">
<fieldset class="rows">
<ol>
<li>


@ -87,7 +87,7 @@
<ul>
<li><a href="/cgi-bin/koha/reports/itemslost.pl">Items lost</a></li>
<li><a href="/cgi-bin/koha/reports/orders_by_fund.pl">Orders by fund</a></li>
<li><a href="/cgi-bin/koha/reports/manager.pl?report_name=itemtypes">Catalog by item type</a></li>
<li><a href="/cgi-bin/koha/reports/catalog_by_itemtype.pl">Catalog by item type</a></li>
<li><a href="/cgi-bin/koha/reports/issues_avg_stats.pl">Average loan time</a></li>
[% SET koha_version = Koha.Version %]
[% IF koha_version.development %]


@ -26,6 +26,12 @@ use Text::CSV_XS;
use C4::Labels;
my $cgi = CGI->new;
my ($auth_status) =
check_cookie_auth( $cgi->cookie('CGISESSID'), { catalogue => 1 } );
if ( $auth_status ne "ok" ) {
print $cgi->header( -type => 'text/plain', -status => '403 Forbidden' );
exit 0;
}
my $batch_id;
my @label_ids;


@ -26,6 +26,12 @@ use XML::Simple;
use C4::Labels;
my $cgi = CGI->new;
my ($auth_status) =
check_cookie_auth( $cgi->cookie('CGISESSID'), { catalogue => 1 } );
if ( $auth_status ne "ok" ) {
print $cgi->header( -type => 'text/plain', -status => '403 Forbidden' );
exit 0;
}
my $batch_id;
my @label_ids;


@ -0,0 +1,304 @@
<h1 id="releasenotesforkoha22.11.16">RELEASE NOTES FOR KOHA 22.11.16</h1>
<p>25 Mar 2024</p>
<p>Koha is the first free and open source software library automation
package (ILS). Development is sponsored by libraries of varying types
and sizes, volunteers, and support companies from around the world. The
website for the Koha project is:</p>
<ul>
<li><a href="http://koha-community.org">Koha Community</a></li>
</ul>
<p>Koha 22.11.16 can be downloaded from:</p>
<ul>
<li><a href="http://download.koha-community.org/koha-22.11.16.tar.gz">Download</a></li>
</ul>
<p>Installation instructions can be found at:</p>
<ul>
<li><a href="http://wiki.koha-community.org/wiki/Installation_Documentation">Koha Wiki</a></li>
<li>OR in the INSTALL files that come in the tarball</li>
</ul>
<p>Koha 22.11.16 is a bugfix/maintenance release with security fixes.</p>
<p>It includes 3 bugfixes.</p>
<p><strong>System requirements</strong></p>
<p>You can learn about the system components (like OS and database) needed for running Koha on the <a href="https://wiki.koha-community.org/wiki/System_requirements_and_recommendations">community wiki</a>.</p>
<h2 id="bugfixes">Bugfixes</h2>
<h3 id="architectureinternalsandplumbing">Architecture, internals, and plumbing</h3>
<h4 id="otherbugsfixed">Other bugs fixed</h4>
<ul>
<li><a href="http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36176">36176</a> [23.11 and below] We need tests to check for 'cud-' operations in stable branches (pre-24.05)</li>
</ul>
<h3 id="opac">OPAC</h3>
<h4 id="otherbugsfixed">Other bugs fixed</h4>
<ul>
<li><a href="http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35942">35942</a> OPAC user can enroll several times to the same club</li>
</ul>
<h3 id="reports">Reports</h3>
<h4 id="criticalbugsfixed">Critical bugs fixed</h4>
<ul>
<li><a href="http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31988">31988</a> manager.pl is only user for "Catalog by item type" report</li>
</ul>
<h2 id="documentation">Documentation</h2>
<p>The Koha manual is maintained in Sphinx. The home page for Koha
documentation is</p>
<ul>
<li><p><a href="http://koha-community.org/documentation/">Koha Documentation</a>
As of the date of these release notes, the Koha manual is available in the following languages:</p></li>
<li><p><a href="https://koha-community.org/manual/22.11//html/">Chinese (Traditional)</a> (63%)</p></li>
<li><a href="https://koha-community.org/manual/22.11//html/">English</a> (100%)</li>
<li><a href="https://koha-community.org/manual/22.11/en/html/">English (USA)</a></li>
<li><a href="https://koha-community.org/manual/22.11/fr/html/">French</a> (41%)</li>
<li><a href="https://koha-community.org/manual/22.11/de/html/">German</a> (40%)</li>
<li><a href="https://koha-community.org/manual/22.11/hi/html/">Hindi</a> (75%)</li>
</ul>
<p>The Git repository for the Koha manual can be found at</p>
<ul>
<li><a href="https://gitlab.com/koha-community/koha-manual">Koha Git Repository</a></li>
</ul>
<h2 id="translations">Translations</h2>
<p>Complete or near-complete translations of the OPAC and staff
interface are available in this release for the following languages:</p>
<div style="column-count: 2;">
- Arabic (ar_ARAB) (75%)
- Armenian (hy_ARMN) (100%)
- Bulgarian (bg_CYRL) (100%)
- Chinese (Traditional) (81%)
- Czech (71%)
- Dutch (88%)
- English (100%)
- English (New Zealand) (69%)
- English (USA)
- English (United Kingdom) (99%)
- Finnish (96%)
- French (99%)
- French (Canada) (96%)
- German (100%)
- German (Switzerland) (56%)
- Greek (57%)
- Hindi (100%)
- Italian (92%)
- Norwegian Bokmål (69%)
- Persian (fa_ARAB) (75%)
- Polish (99%)
- Portuguese (Brazil) (99%)
- Portuguese (Portugal) (88%)
- Russian (94%)
- Slovak (67%)
- Spanish (100%)
- Swedish (88%)
- Telugu (77%)
- Turkish (88%)
- Ukrainian (79%)
- hyw_ARMN (generated) (hyw_ARMN) (70%)
</div>
<p>Partial translations are available for various other languages.</p>
<p>The Koha team welcomes additional translations; please see</p>
<ul>
<li><a href="http://wiki.koha-community.org/wiki/Translating_Koha">Koha Translation Info</a></li>
</ul>
<p>For information about translating Koha, and join the koha-translate
list to volunteer:</p>
<ul>
<li><a href="http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-translate">Koha Translate List</a></li>
</ul>
<p>The most up-to-date translations can be found at:</p>
<ul>
<li><a href="http://translate.koha-community.org/">Koha Translation</a></li>
</ul>
<h2 id="releaseteam">Release Team</h2>
<p>The release team for Koha 22.11.16 is</p>
<ul>
<li><p>Release Manager: Katrin Fischer</p></li>
<li><p>Release Manager assistants:</p>
<ul>
<li>Tomás Cohen Arazi</li>
<li>Martin Renvoize</li>
<li>Jonathan Druart</li>
</ul></li>
<li><p>QA Manager: Marcel de Rooy</p></li>
<li><p>QA Team:</p>
<ul>
<li>Marcel de Rooy</li>
<li>Julian Maurice</li>
<li>Lucas Gass</li>
<li>Victor Grousset</li>
<li>Kyle M Hall</li>
<li>Nick Clemens</li>
<li>Martin Renvoize</li>
<li>Tomás Cohen Arazi</li>
<li>Aleisha Amohia</li>
<li>Emily Lamancusa</li>
<li>David Cook</li>
<li>Jonathan Druart</li>
<li>Pedor Amorim</li>
</ul></li>
<li><p>Topic Experts:</p>
<ul>
<li>UI Design -- Owen Leonard</li>
<li>Zebra -- Fridolin Somers</li>
<li>REST API -- Tomás Cohen Arazi</li>
<li>ERM -- Matt Blenkinsop</li>
<li>ILL -- Pedro Amorim</li>
<li>SIP2 -- Matthias Meusburger</li>
<li>CAS -- Matthias Meusburger</li>
</ul></li>
<li><p>Bug Wranglers:</p>
<ul>
<li>Aleisha Amohia</li>
<li>Indranil Das Gupta</li>
</ul></li>
<li><p>Packaging Managers:</p>
<ul>
<li>Mason James</li>
<li>Indranil Das Gupta</li>
<li>Tomás Cohen Arazi</li>
</ul></li>
<li><p>Documentation Manager: Aude Charillon</p></li>
<li><p>Documentation Team:</p>
<ul>
<li>Caroline Cyr La Rose</li>
<li>Kelly McElligott</li>
<li>Philip Orr</li>
<li>Marie-Luce Laflamme</li>
<li>Lucy Vaux-Harvey</li>
</ul></li>
<li><p>Translation Manager: Jonathan Druart</p></li>
<li><p>Wiki curators: </p>
<ul>
<li>Thomas Dukleth</li>
<li>Katrin Fischer</li>
</ul></li>
<li><p>Release Maintainers:</p>
<ul>
<li>23.11 -- Fridolin Somers</li>
<li>23.05 -- Lucas Gass</li>
<li>22.11 -- Frédéric Demians</li>
<li>22.05 -- Danyon Sewell</li>
</ul></li>
<li><p>Release Maintainer assistants:</p>
<ul>
<li>22.05 -- Wainui Witika-Park</li>
</ul></li>
</ul>
<h2 id="credits">Credits</h2>
<p>We thank the following individuals who contributed patches to Koha 22.11.16</p>
<div style="column-count: 2;">
- Frédéric Demians (3)
- Jonathan Druart (9)
- Kyle M Hall (3)
- Andreas Jonsson (2)
- Julian Maurice (1)
- Fridolin Somers (1)
</div>
<p>We thank the following libraries, companies, and other institutions who contributed
patches to Koha 22.11.16</p>
<div style="column-count: 2;">
- BibLibre (2)
- ByWater-Solutions (3)
- Koha Community Developers (9)
- Kreablo AB (2)
- Tamil (3)
</div>
<p>We also especially thank the following individuals who tested patches
for Koha</p>
<div style="column-count: 2;">
- Nick Clemens (1)
- Frédéric Demians (15)
- Jonathan Druart (4)
- Katrin Fischer (4)
- Lucas Gass (3)
- Victor Grousset (1)
- Kyle M Hall (2)
- Andrew Fuerste Henry (1)
- Owen Leonard (1)
- David Nind (1)
- Martin Renvoize (11)
- Marcel de Rooy (3)
- Fridolin Somers (12)
</div>
<p>We regret any omissions. If a contributor has been inadvertently missed,
please send a patch against these release notes to koha-devel@lists.koha-community.org.</p>
<h2 id="revisioncontrolnotes">Revision control notes</h2>
<p>The Koha project uses Git for version control. The current development
version of Koha can be retrieved by checking out the master branch of:</p>
<ul>
<li><a href="https://git.koha-community.org/koha-community/koha">Koha Git Repository</a></li>
</ul>
<p>The branch for this version of Koha and future bugfixes in this release
line is 22.11.x-security.</p>
<h2 id="bugsandfeaturerequests">Bugs and feature requests</h2>
<p>Bug reports and feature requests can be filed at the Koha bug
tracker at:</p>
<ul>
<li><a href="http://bugs.koha-community.org">Koha Bugzilla</a></li>
</ul>
<p>He rau ringa e oti ai.
(Many hands finish the work)</p>
<p>Autogenerated release notes updated last on 25 Mar 2024 10:56:35.</p>


@ -0,0 +1,266 @@
# RELEASE NOTES FOR KOHA 22.11.16
25 Mar 2024
Koha is the first free and open source software library automation
package (ILS). Development is sponsored by libraries of varying types
and sizes, volunteers, and support companies from around the world. The
website for the Koha project is:
- [Koha Community](http://koha-community.org)
Koha 22.11.16 can be downloaded from:
- [Download](http://download.koha-community.org/koha-22.11.16.tar.gz)
Installation instructions can be found at:
- [Koha Wiki](http://wiki.koha-community.org/wiki/Installation_Documentation)
- OR in the INSTALL files that come in the tarball
Koha 22.11.16 is a bugfix/maintenance release with security fixes.
It includes 3 bugfixes.
**System requirements**
You can learn about the system components (like OS and database) needed for running Koha on the [community wiki](https://wiki.koha-community.org/wiki/System_requirements_and_recommendations).
## Bugfixes
### Architecture, internals, and plumbing
#### Other bugs fixed
- [36176](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36176) [23.11 and below] We need tests to check for 'cud-' operations in stable branches (pre-24.05)
### OPAC
#### Other bugs fixed
- [35942](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35942) OPAC user can enroll several times to the same club
### Reports
#### Critical bugs fixed
- [31988](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31988) manager.pl is only user for "Catalog by item type" report
## Documentation
The Koha manual is maintained in Sphinx. The home page for Koha
documentation is
- [Koha Documentation](http://koha-community.org/documentation/)
As of the date of these release notes, the Koha manual is available in the following languages:
- [Chinese (Traditional)](https://koha-community.org/manual/22.11//html/) (63%)
- [English](https://koha-community.org/manual/22.11//html/) (100%)
- [English (USA)](https://koha-community.org/manual/22.11/en/html/)
- [French](https://koha-community.org/manual/22.11/fr/html/) (41%)
- [German](https://koha-community.org/manual/22.11/de/html/) (40%)
- [Hindi](https://koha-community.org/manual/22.11/hi/html/) (75%)
The Git repository for the Koha manual can be found at
- [Koha Git Repository](https://gitlab.com/koha-community/koha-manual)
## Translations
Complete or near-complete translations of the OPAC and staff
interface are available in this release for the following languages:
<div style="column-count: 2;">
- Arabic (ar_ARAB) (75%)
- Armenian (hy_ARMN) (100%)
- Bulgarian (bg_CYRL) (100%)
- Chinese (Traditional) (81%)
- Czech (71%)
- Dutch (88%)
- English (100%)
- English (New Zealand) (69%)
- English (USA)
- English (United Kingdom) (99%)
- Finnish (96%)
- French (99%)
- French (Canada) (96%)
- German (100%)
- German (Switzerland) (56%)
- Greek (57%)
- Hindi (100%)
- Italian (92%)
- Norwegian Bokmål (69%)
- Persian (fa_ARAB) (75%)
- Polish (99%)
- Portuguese (Brazil) (99%)
- Portuguese (Portugal) (88%)
- Russian (94%)
- Slovak (67%)
- Spanish (100%)
- Swedish (88%)
- Telugu (77%)
- Turkish (88%)
- Ukrainian (79%)
- hyw_ARMN (generated) (hyw_ARMN) (70%)
</div>
Partial translations are available for various other languages.
The Koha team welcomes additional translations; please see
- [Koha Translation Info](http://wiki.koha-community.org/wiki/Translating_Koha)
For information about translating Koha, and join the koha-translate
list to volunteer:
- [Koha Translate List](http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-translate)
The most up-to-date translations can be found at:
- [Koha Translation](http://translate.koha-community.org/)
## Release Team
The release team for Koha 22.11.16 is
- Release Manager: Katrin Fischer
- Release Manager assistants:
- Tomás Cohen Arazi
- Martin Renvoize
- Jonathan Druart
- QA Manager: Marcel de Rooy
- QA Team:
- Marcel de Rooy
- Julian Maurice
- Lucas Gass
- Victor Grousset
- Kyle M Hall
- Nick Clemens
- Martin Renvoize
- Tomás Cohen Arazi
- Aleisha Amohia
- Emily Lamancusa
- David Cook
- Jonathan Druart
- Pedor Amorim
- Topic Experts:
- UI Design -- Owen Leonard
- Zebra -- Fridolin Somers
- REST API -- Tomás Cohen Arazi
- ERM -- Matt Blenkinsop
- ILL -- Pedro Amorim
- SIP2 -- Matthias Meusburger
- CAS -- Matthias Meusburger
- Bug Wranglers:
- Aleisha Amohia
- Indranil Das Gupta
- Packaging Managers:
- Mason James
- Indranil Das Gupta
- Tomás Cohen Arazi
- Documentation Manager: Aude Charillon
- Documentation Team:
- Caroline Cyr La Rose
- Kelly McElligott
- Philip Orr
- Marie-Luce Laflamme
- Lucy Vaux-Harvey
- Translation Manager: Jonathan Druart
- Wiki curators:
- Thomas Dukleth
- Katrin Fischer
- Release Maintainers:
- 23.11 -- Fridolin Somers
- 23.05 -- Lucas Gass
- 22.11 -- Frédéric Demians
- 22.05 -- Danyon Sewell
- Release Maintainer assistants:
- 22.05 -- Wainui Witika-Park
## Credits
We thank the following individuals who contributed patches to Koha 22.11.16
<div style="column-count: 2;">
- Frédéric Demians (3)
- Jonathan Druart (9)
- Kyle M Hall (3)
- Andreas Jonsson (2)
- Julian Maurice (1)
- Fridolin Somers (1)
</div>
We thank the following libraries, companies, and other institutions who contributed
patches to Koha 22.11.16
<div style="column-count: 2;">
- BibLibre (2)
- ByWater-Solutions (3)
- Koha Community Developers (9)
- Kreablo AB (2)
- Tamil (3)
</div>
We also especially thank the following individuals who tested patches
for Koha
<div style="column-count: 2;">
- Nick Clemens (1)
- Frédéric Demians (15)
- Jonathan Druart (4)
- Katrin Fischer (4)
- Lucas Gass (3)
- Victor Grousset (1)
- Kyle M Hall (2)
- Andrew Fuerste Henry (1)
- Owen Leonard (1)
- David Nind (1)
- Martin Renvoize (11)
- Marcel de Rooy (3)
- Fridolin Somers (12)
</div>
We regret any omissions. If a contributor has been inadvertently missed,
please send a patch against these release notes to koha-devel@lists.koha-community.org.
## Revision control notes
The Koha project uses Git for version control. The current development
version of Koha can be retrieved by checking out the master branch of:
- [Koha Git Repository](https://git.koha-community.org/koha-community/koha)
The branch for this version of Koha and future bugfixes in this release
line is 22.11.x-security.
## Bugs and feature requests
Bug reports and feature requests can be filed at the Koha bug
tracker at:
- [Koha Bugzilla](http://bugs.koha-community.org)
He rau ringa e oti ai.
(Many hands finish the work)
Autogenerated release notes updated last on 25 Mar 2024 10:56:35.

99
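--- a/reports/catalog_by_itemtype.pl
+++ b/reports/catalog_by_itemtype.pl
@@ -0,0 +1,99 @@
+#!/usr/bin/perl
+# Copyright 2000-2002 Katipo Communications
+#
+# This file is part of Koha.
+#
+# Koha is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# Koha is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Koha; if not, see <http://www.gnu.org/licenses>.
+use Modern::Perl;
+use C4::Auth qw( get_template_and_user );
+use CGI qw ( -utf8 );
+use C4::Context;
+use C4::Output qw( output_html_with_http_headers );
+my $input = CGI->new;
+my $report_name = $input->param("report_name");
+my $do_it = $input->param('do_it');
+my $fullreportname = "reports/itemtypes.tt";
+my @values = $input->multi_param("value");
+my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
+{
+template_name => $fullreportname,
+query => $input,
+type => "intranet",
+flagsrequired => { reports => '*' },
+}
+);
+$template->param(
+do_it => $do_it,
+);
+if ($do_it) {
+my $results = calculate( \@values );
+$template->param( mainloop => $results );
+}
+output_html_with_http_headers $input, $cookie, $template->output;
+sub calculate {
+my ($parameters) = @_;
+my @results = ();
+my $branch = @$parameters[0];
+my $dbh = C4::Context->dbh;
+my $sth;
+if ( C4::Context->preference('item-level_itypes') ) {
+$sth = $dbh->prepare(
+q|
+SELECT itemtypes.itemtype, description, COUNT(*) AS total
+FROM itemtypes, items
+WHERE items.itype=itemtypes.itemtype
+| . ( $branch ? q| AND items.holdingbranch=? | : () ) . q|
+GROUP BY itemtypes.itemtype, description, items.itype
+ORDER BY itemtypes.description
+|
+);
+} else {
+$sth = $dbh->prepare(
+q|
+SELECT itemtypes.itemtype, description, COUNT(*) AS total
+FROM itemtypes, biblioitems, items
+WHERE biblioitems.itemtype=itemtypes.itemtype
+AND items.biblioitemnumber=biblioitems.biblioitemnumber
+| . ( $branch ? q| AND items.holdingbranch=? | : () ) . q|
+GROUP BY itemtypes.itemtype, description
+ORDER BY itemtypes.description
+|
+);
+}
+$sth->execute( $branch || () );
+my ( $itemtype, $description, $total );
+my $grantotal = 0;
+my $count = 0;
+while ( ( $itemtype, $description, $total ) = $sth->fetchrow ) {
+my %line;
+$line{itemtype} = $itemtype;
+$line{count} = $total;
+$grantotal += $total;
+push @results, \%line;
+$count++;
+}
+my @mainloop;
+my %globalline;
+$globalline{loopitemtype} = \@results;
+$globalline{total} = $grantotal;
+$globalline{branch} = $branch;
+push @mainloop, \%globalline;
+return \@mainloop;
+}
+1;
+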
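Review bot: `my $report_name = $input->param("report_name");` is still read from the request but never used now that `$fullreportname` is the constant `"reports/itemtypes.tt"`; dropping the line makes it obvious that no request parameter reaches template selection any more. `$description` and `$count` in `calculate` are likewise assigned and never read. In both `prepare` calls, `( $branch ? q| AND items.holdingbranch=? | : () )` is evaluated in scalar context inside a concatenation, so the false branch presumably yields undef and an uninitialized-value warning under `Modern::Perl`; `q{}` would be the quiet equivalent. `$sth->execute( $branch || () )` also treats a branch code of `0` as absent, which is probably harmless but worth a comment.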


@ -1,85 +0,0 @@
#!/usr/bin/perl
# Copyright 2000-2002 Katipo Communications
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use strict;
use C4::Auth;
use CGI qw ( -utf8 );
use C4::Context;
use C4::Search;
use C4::Output;
use C4::Koha;
=head1
=cut
sub set_parameters {
my ($template) = @_;
return $template;
}
sub calculate {
my ($parameters) = @_;
my @results =();
my $branch = @$parameters[0];
my $dbh = C4::Context->dbh;
my $sth;
if ( C4::Context->preference('item-level_itypes') ) {
$sth = $dbh->prepare( q|
SELECT itemtypes.itemtype, description, COUNT(*) AS total
FROM itemtypes, items
WHERE items.itype=itemtypes.itemtype
| . ( $branch ? q| AND items.holdingbranch=? | : () ) . q|
GROUP BY itemtypes.itemtype, description, items.itype
ORDER BY itemtypes.description
|);
}
else {
$sth = $dbh->prepare( q|
SELECT itemtypes.itemtype, description, COUNT(*) AS total
FROM itemtypes, biblioitems, items
WHERE biblioitems.itemtype=itemtypes.itemtype
AND items.biblioitemnumber=biblioitems.biblioitemnumber
| . ( $branch ? q| AND items.holdingbranch=? | : () ) . q|
GROUP BY itemtypes.itemtype, description
ORDER BY itemtypes.description
|);
}
$sth->execute($branch || ());
my ($itemtype, $description,$total);
my $grantotal = 0;
my $count = 0;
while (($itemtype, $description,$total) = $sth->fetchrow) {
my %line;
$line{itemtype} = $itemtype;
$line{count} = $total;
$grantotal += $total;
push @results,\%line;
$count ++;
}
my @mainloop;
my %globalline;
$globalline{loopitemtype} = \@results;
$globalline{total} = $grantotal;
$globalline{branch} = $branch;
push @mainloop,\%globalline;
return \@mainloop;
}
1;


@ -1,53 +0,0 @@
#!/usr/bin/perl
# Copyright 2000-2002 Katipo Communications
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use CGI qw ( -utf8 );
use C4::Auth qw( get_template_and_user );
use C4::Context;
use C4::Output qw( output_html_with_http_headers );
my $input = CGI->new;
my $report_name=$input->param("report_name");
my $do_it=$input->param('do_it');
my $fullreportname = "reports/".$report_name.".tt";
my @values = $input->multi_param("value");
my ($template, $borrowernumber, $cookie)
= get_template_and_user({template_name => $fullreportname,
query => $input,
type => "intranet",
flagsrequired => {reports => '*'},
});
$template->param(do_it => $do_it,
report_name => $report_name,
);
my $cgidir = C4::Context->config('intranetdir')."/cgi-bin/reports/";
unless (-r $cgidir and -d $cgidir) {
$cgidir = C4::Context->config('intranetdir')."/reports/";
}
my $plugin = $cgidir.$report_name.".plugin";
require $plugin;
if ($do_it) {
my $results = calculate(\@values);
$template->param(mainloop => $results);
} else {
$template = set_parameters($template);
}
output_html_with_http_headers $input, $cookie, $template->output;


@ -27,6 +27,13 @@ use Koha::CsvProfiles;
use Text::CSV_XS;
my $query = CGI->new;
my ($auth_status) =
check_cookie_auth( $query->cookie('CGISESSID'), { catalogue => 1 } );
if ( $auth_status ne "ok" ) {
print $query->header( -type => 'text/plain', -status => '403 Forbidden' );
exit 0;
}
my $supplierid = $query->param('supplierid');
my @serialids = $query->multi_param('serialid');
my $op = $query->param('op') || q{};
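Review bot: The new guard at the top of this hunk asks only for `catalogue => 1`, while the parameters read right after it (`supplierid`, `serialid`) suggest the script serves serials claim data. If the staff pages that link here require a serials permission, the same flag belongs in this check, for example `check_cookie_auth( $query->cookie('CGISESSID'), { serials => 'claim_serials' } );`, so that a session holding catalogue access alone cannot pull the export. The hunk starts at line 27 of the file, so whether `check_cookie_auth` is imported from C4::Auth above it cannot be confirmed from here. A short comment above the check, such as `# Reject requests without an authenticated staff session before any parameter is read`, would record why it sits ahead of the param() calls.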


@ -144,6 +144,7 @@ sub test05 {
my $mOutput = Test::MockModule->new('C4::Output');
$mContext->mock( 'userenv', \&mock_userenv );
$mAuth->mock( 'checkauth', sub { return ( 1, undef, 1, all_perms() ); } );
$mAuth->mock( 'check_cookie_auth', sub { return ('ok') } );
$mOutput->mock('output_html_with_http_headers', sub { ++$launched; } );
my $cgi=CGI->new;
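Review bot: The `check_cookie_auth` mock added in test05 returns `'ok'` unconditionally, so the suite only proves the plugins still run for an authenticated session and never exercises the new 403 branch. The same always-ok mock is added at file scope in the three other test files further down this commit, each under the comment `# Auth required for cataloguing plugins`, which looks copied in the file that loads C4::Serials. Consider one negative case that remocks it, e.g. `$mAuth->mock( 'check_cookie_auth', sub { return ('failed') } );`, and asserts that `$launched` is not incremented; since the guarded scripts shown on this page end with `exit 0`, that case probably has to run the plugin in a child process or trap the exit. test05 starts and ends outside this hunk.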


@ -18,6 +18,7 @@
use Modern::Perl;
use Test::More tests => 7;
use Test::MockModule;
use C4::ClassSource;
@ -26,6 +27,10 @@ use Koha::DateUtils qw( dt_from_string );
use Koha::ItemTypes;
use Koha::Libraries;
# Auth required for cataloguing plugins
my $mAuth = Test::MockModule->new('C4::Auth');
$mAuth->mock( 'check_cookie_auth', sub { return ('ok') } );
my $schema = Koha::Database->new->schema;
$schema->storage->txn_begin;


@ -17,6 +17,7 @@
use Modern::Perl;
use Test::More tests => 9;
use Test::MockModule;
use Data::Dumper qw( Dumper );
use utf8;
@ -28,6 +29,10 @@ use Koha::UI::Form::Builder::Item;
use t::lib::TestBuilder;
use t::lib::Mocks;
# Auth required for cataloguing plugins
my $mAuth = Test::MockModule->new('C4::Auth');
$mAuth->mock( 'check_cookie_auth', sub { return ('ok') } );
my $schema = Koha::Database->new->schema;
$schema->storage->txn_begin;


@ -18,7 +18,7 @@
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use Test::More tests => 92;
use Test::More tests => 93;
use Test::MockModule;
use Test::Warn;
use Test::Exception;
@ -1099,3 +1099,48 @@ subtest 'Test message_id parameter for SendQueuedMessages' => sub {
is( $message_1->{status}, 'failed', 'Message 1 status is unchanged' );
is( $message_2->{status}, 'sent', 'Valid from_address => status sent' );
};
subtest 'Template toolkit syntax in parameters' => sub {
my $borrowernumber = Koha::Patron->new(
{
firstname => 'Robert',
surname => '[% USE Categories %][% Categories.all().search_related("borrowers").count() %]',
categorycode => $patron_category,
branchcode => $library->{branchcode},
dateofbirth => $date,
smsalertnumber => undef,
}
)->store->borrowernumber;
my $title = q|<<branches.branchname>> - <<status>>|;
my $content = q{Dear <<borrowers.firstname>> <<borrowers.surname>>};
$dbh->do(
q|INSERT INTO letter(branchcode,module,code,name,is_html,title,content,message_transport_type) VALUES (?,'my module','tt test','my name',1,?,?,'email')|,
undef, $library->{branchcode}, $title, $content
);
my $tables = {
borrowers => $borrowernumber,
branches => $library->{branchcode},
biblio => $biblionumber,
};
my $substitute = {
status => 'overdue',
};
my $prepared_letter = GetPreparedLetter(
module => 'my module',
branchcode => $library->{branchcode},
letter_code => 'tt test',
tables => $tables,
substitute => $substitute,
repeat => [],
);
is(
$prepared_letter->{content},
'Dear Robert [% USE Categories %][% Categories.all().search_related("borrowers").count() %]',
'Template toolkit syntax in parameter was not evaluated.'
);
};
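Review bot: The new subtest asserts only `$prepared_letter->{content}` and puts the Template Toolkit payload only in a value loaded through `tables`; the title template `<<branches.branchname>> - <<status>>` and the `substitute` hash carry no payload at all. The GetPreparedLetter change in this commit moves the `_process_tt` calls for both title and content, so a regression on the title or on the substitute path would pass unnoticed. I would set `status => '[% 1 + 1 %]'` in `$substitute` and add `like( $prepared_letter->{title}, qr/\Q[% 1 + 1 %]\E\z/, 'Template toolkit syntax in substitute value was not evaluated in title' );`. The `biblio` entry in `$tables` is not referenced by either template and could be dropped.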


@ -16,12 +16,17 @@ use Koha::DateUtils qw( dt_from_string output_pref );
use Koha::Acquisition::Booksellers;
use t::lib::Mocks;
use t::lib::TestBuilder;
use Test::MockModule;
use Test::More tests => 52;
BEGIN {
use_ok('C4::Serials', qw( updateClaim NewSubscription GetSubscription GetSubscriptionHistoryFromSubscriptionId SearchSubscriptions ModSubscription GetExpirationDate GetSerials GetSerialInformation NewIssue AddItem2Serial DelSubscription GetFullSubscription PrepareSerialsData GetSubscriptionsFromBiblionumber ModSubscriptionHistory GetSerials2 GetLatestSerials GetNextSeq GetSeq CountSubscriptionFromBiblionumber ModSerialStatus findSerialsByStatus HasSubscriptionStrictlyExpired HasSubscriptionExpired GetLateOrMissingIssues check_routing addroutingmember GetNextDate ));
}
# Auth required for cataloguing plugins
my $mAuth = Test::MockModule->new('C4::Auth');
$mAuth->mock( 'check_cookie_auth', sub { return ('ok') } );
my $schema = Koha::Database->new->schema;
$schema->storage->txn_begin;
my $dbh = C4::Context->dbh;

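--- a/xt/find-cud.t
+++ b/xt/find-cud.t
@@ -0,0 +1,26 @@
+#!/usr/bin/perl
+# This file is part of Koha.
+#
+# Koha is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# Koha is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Koha; if not, see <http://www.gnu.org/licenses>.
+use Modern::Perl;
+use Test::More tests => 1;
+use Data::Dumper;
+my @files = `git grep 'cud-' ':(exclude)xt/find-cud.t' ':(exclude)misc/release_notes/*'`;
+chomp for @files;
+is( @files, 0, "This branch is not supposed to have 'cud-', see bug 34478." )
+or diag( Dumper \@files );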
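Review bot: A failed `git grep` makes this test pass, because the backtick call that fills `@files` returns an empty list both when nothing matches and when the command cannot run at all (git not installed, or a tarball install without a repository). git grep exits with 1 for "no match" and with a higher status on error, so the exit status should be checked right after the call: `BAIL_OUT("git grep failed: $?") if ( $? >> 8 ) > 1;`. xt/find-missing-auth_checks.t builds its file list the same way from `$grep_cmd`, and there an empty list means no script is inspected at all and the auth audit reports success, so it needs the same guard.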

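--- a/xt/find-missing-auth_checks.t
+++ b/xt/find-missing-auth_checks.t
@@ -0,0 +1,42 @@
+#!/usr/bin/perl
+# This file is part of Koha.
+#
+# Koha is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# Koha is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Koha; if not, see <http://www.gnu.org/licenses>.
+use Modern::Perl;
+use Test::More;
+use File::Slurp qw(read_file);
+my @excluded_paths =
+qw(C4 debian docs etc installer/data install_misc Koha misc selenium t test tmp xt changelanguage.pl build-resources.PL fix-perl-path.PL koha_perl_deps.pl );
+push @excluded_paths, 'opac'; # We cannot test the OPAC scripts, some can be accessed without authentication
+my $grep_cmd = q{git grep -l '#!/usr/bin/perl' -- } . join( ' ', map { qq{':!$_'} } @excluded_paths );
+my @files = `$grep_cmd`;
+my @missing_auth_check;
+FILE: foreach my $file (@files) {
+chomp $file;
+my @lines = read_file($file);
+for my $line (@lines) {
+for my $routine (qw( get_template_and_user check_cookie_auth checkauth check_api_auth C4::Service->init )) {
+next FILE if $line =~ m|^[^#]*$routine|;
+}
+}
+push @missing_auth_check, $file;
+}
+is( scalar @missing_auth_check, 0 ) or diag "No auth check in the following files:\n" . join "\n", @missing_auth_check;
+done_testing;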
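Review bot: The match `m|^[^#]*$routine|` in the inner loop is satisfied by any non-comment mention of the name, so a script that only imports a routine, e.g. `use C4::Auth qw( check_cookie_auth );`, is counted as protected without ever calling it. Assuming the scripts call these routines with parentheses, requiring a call form narrows this: `next FILE if $line =~ m{^[^#]*\b\Q$routine\E\s*\(};`, where `\Q...\E` also keeps `C4::Service->init` literal. Even then the test shows only that a check is called, not that its result is acted on before request parameters are used, which is worth stating in a comment above the `FILE:` loop. The final `is( scalar @missing_auth_check, 0 )` has no test name; a description such as `'Every staff script calls an auth routine'` would make a failure readable.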