Bug 36799: Illegitimate modification of MARC authid field content (001)
It happens that librarians to save time open an authority editor by putting in the URL, by hand, the authid prefixed, by mistake, with a blank (e.g. .../authorities.pl?authid= 100 -- mind the space before 100). In such a case the editor opens with the right auth record (i.e. 100) but, after saving the record, the content of the authid MARC field (001 for a standard MARC 21 installation) results modified and contains additional initial blanks. Moreover, if the heading (1XX field) was modified in the authority record during such an edit, the changes will not propagate to the linked bibliographic records. And won't in the future. This is because in the authorities.pl script $authid is taken (and continuously used) directly from CGI parameter, without any validation and/or correction (line 540 in the current main branch). Test plan: ========== 1. Open an auth record in the editor with an added space before authid value, e.g.: http://ktd:8081/cgi-bin/koha/authorities/detail.pl?authid= 100 Modify the heading field -- in the ktd data set: 150 Computerized typesetting Save the record. 2. a) Open the record for editing again--see the space added before the authid in field 001. Close the editor (with Cancel). b) Try to go to the linked biblio records with Used in X records. Note no results, if using ES. c) Remove the space before authid (after an:) in the URL. Go to the linked biblio records. See that the content of the field controlled by the modified auth record did not update. 3. Apply the patch; restart_all. 4. Repeat p. 1 and 2 with a different authid. Everything should be OK now. Sponsored-by: Ignatianum University in Cracow Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This commit is contained in:
Janusz Kaczmarek
parent
d2f41df188
commit
4b66fbc4eb
GPG key ID:
0EF6E2C03357A834
1 changed files with 2 additions and 1 deletions
|
|
@ -537,7 +537,8 @@ sub build_hidden_data {
|
|||
my $input = CGI->new;
|
||||
my $z3950 = $input->param('z3950');
|
||||
my $error = $input->param('error');
|
||||
my $authid=$input->param('authid'); # if authid exists, it's a modif, not a new authority.
|
||||
my $authid = $input->param('authid') =~ s/\D//gr
|
||||
; # if authid exists, it's a modif, not a new authority. We remove from authid all non-digit characters just in case the CGI parameter contains weird characters like spaces
|
||||
my $op = $input->param('op');
|
||||
my $nonav = $input->param('nonav');
|
||||
my $myindex = $input->param('index');
|
||||
|
|
|
|||
Loading…
Reference in a new issue