Commit graph

32 commits

Author SHA1 Message Date
Fridolyn SOMERS
dd2de85892 Bug 8692: Authorities search form does not correspond to current search query
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
The correct tab is now visible on load. The problem with authtypecode
showing up in the search box is specific to UNIMARC, so I could not
check that it was gone, but I am comfortable signing off on this.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-09-20 14:06:41 +02:00
90db8c0e22 Bug 4198 - Followup - PerlTidy authorities-home.pl
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-08-02 15:43:11 +02:00
1000599eaa Bug 4198 - deleting an authority refreshes the page
Makes clicking a Delete link refresh the search that
was performed so that the results are still on the screen.

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Works as advertised. Very usefull. Still the issue that indexing being
not in real time, the search result displays the just deleted authority.
But there is no way to do better.
2012-08-02 15:43:08 +02:00
Jared Camins-Esakov
7bc4a6025b Bug 5910: [SIGNED-OFF] only add "All authority types" for UNIMARC
UNIMARC is the only marcflavour that does not already have an option
for searching all authority types, so check that the marcflavour is
UNIMARC before displaying the additional "All authority types" option.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-06-20 22:22:25 +02:00
Chris Nighswonger
b0f60221f4 Security Bugfix: Bug 1953 Adding Placeholders to SQL To Avoid Potential Injection Attacks
This patch addresses both security issues mentioned in the summary of the report
submitted by Frère Sébastien Marie included below.

---------------------------
The problem is here: 'C4/AuthoritiesMarc.pm' in the function 'DelAuthority':
The argument $authid is included directly (not via statement) in the SQL.

For the exploit of this problem, you can use 'authorities/authorities-home.pl'
with authid on the URL and op=delete (something like
"authorities/authorities-home.pl?op=delete&authid=xxx").

This should successfully call DelAuthority, without authentification...
(DelAuthority is call BEFORE get_template_and_user, so before authentification
[This should be an issue also...]).

Please note that the problem isn't only that anyone can delete an authority of
this choose, it is more general: with "authid=1%20or%1=1" (after inclusion sql
will be like: "delete from auth_header where authid=1 or 1=1") you delete all
authorities ; with "authid=1;delete%20from%xxx" it is "delete from auth_header
where authid=1;delete from xxx" and so delete what you want...

SQL-INJECTION is very permissive: you can redirect the output in a file (with
some MySQL function), so write thea file of you choose in the server, in order
to create a backdoor, and compromise the server.

Signed-off-by: Frère Sébastien Marie <semarie-koha@latrappe.fr>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-02-25 07:08:39 +13:00
Colin Campbell
9e5366734b Bug 5315: Remove references to obsolete variable nbstatements
Trying to see the wood from the trees

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-10-26 08:39:18 -04:00
Lars Wirzenius
f49cdbf199 Fix FSF address in directory authorities/
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-16 20:17:49 -04:00
Colin Campbell
bcde53b5ba Bug 2505 Enabled warnings in authorities/*
Fixed obvious warnings generators in scripts
with mismatched comparisons or undefined variables
removed temporary variable selected while ensuring the
comparison it represented was between two defined variables

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-02-08 21:47:53 -05:00
Galen Charlton
4bf76c2d77 bug 2615: remove unneeded 'require Exporter'
Most Perl scripts (as opposed to modules) do
not need to require Exporter.

No user-visible or documentation changes.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2008-09-26 09:05:08 -05:00
Galen Charlton
b50d23fa99 removed 'AddStatement' op from authorities search
The AddStatement op is an archaism from 2.2 that
has not been used in the templates for at least a
year.

No documentation changes.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-06-05 22:47:39 -05:00
Henri-Damien LAURENT
65295e5e22 authorities result lists where badly paged.
finalresult contained the whole list and not only the useful results.
resultlist contained only 19 elements. adding one
parameters passed through pages contained also empty parameters deleting them.
Conflicts:

	C4/AuthoritiesMarc.pm

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-13 18:25:52 -06:00
Paul POULAIN
30fbc40061 BUGFIX (minor)
authority list ordering was bugguy

Signed-off-by: Chris Cormack <crc@liblime.com>
2007-09-30 16:03:35 -05:00
toins
d81440c91e reindenting + removing unused syspref. 2007-07-26 15:20:22 +00:00
hdl
100e6a9808 functions that were in C4::Interface::CGI::Output are now in C4::Output.
So this implies quite a change for files.
Sorry about conflicts which will be caused.
directory Interface::CGI should now be dropped.
I noticed that many scripts (reports ones, but also some circ/stats.pl or opac-topissues) still use Date::Manip.
2007-04-24 13:54:28 +00:00
hdl
b767f50c8f Code Cleaning : AuthoritiesMARC. 2007-04-06 14:48:45 +00:00
hdl
1ab5cdfd44 removing $dbh as a parameter in AuthoritiesMarc functions
And reporting all differences into the scripts taht relies on those functions.
2007-03-28 10:39:16 +00:00
tipaul
2ffd5b7228 rel_3_0 moved to HEAD 2007-03-09 14:28:54 +00:00
tgarip1957
7e52a5665c Clean up before final commits 2006-09-06 16:21:03 +00:00
toins
400bd1dfba Add a call to C4::Biblio.pm 2006-08-10 13:33:57 +00:00
toins
cc9524a875 Head & rel_2_2 merged 2006-07-04 14:36:51 +00:00
plg
e0090dcdaa new: authorities in prog/en template, only partial import from default/en
template.

improved: C4::Output::pagination_bar builds an HTML pagination bar with no
language dependency. This function hugely simplifies templates and offers a
standard pagination method. This function also improves preformances.
2006-04-04 10:05:48 +00:00
tipaul
d5938493d7 synch'ing head and rel_2_2 (from 2.2.5, including npl templates)
Seems not to break too many things, but i'm probably wrong here.
at least, new features/bugfixes from 2.2.5 are here (tested on some features on my head local copy)

- removing useless directories (koha-html and koha-plucene)
2006-01-06 16:39:37 +00:00
tipaul
5e44e797eb synch'ing 2.2 and head 2005-06-20 13:15:46 +00:00
tipaul
93ff09d081 merging 2.2 branch with head. Sorry for not making it before, many many commits done here 2005-03-01 13:40:35 +00:00
tipaul
712dc1f9f6 authoritiy list shown in authtypetext order (so authtypetext with a space appear first, hint used everywhere else for lists) 2004-12-13 16:39:14 +00:00
tipaul
538a0b15a3 fixes in authorities. Now, it should work well... 2004-08-18 16:05:42 +00:00
doxulting
0c3e1dd11b Some minor debug changes 2004-07-30 13:55:58 +00:00
tipaul
f9c9b6e6f0 using acquisition.pm instead of catalogue.pm 2004-07-15 09:53:09 +00:00
doxulting
4a8ae6a31b New stuff for authorities 2004-07-06 13:15:11 +00:00
doxulting
e737c7eb1d First step for working authorities 2004-07-05 13:37:22 +00:00
tipaul
e7e930ab39 MARC authority management (continued) 2004-06-10 08:28:40 +00:00
tipaul
e7a22dc7c4 MARC authority management (1st draft. works really poorly) 2004-06-07 07:36:46 +00:00