Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
CAS supports single logout, where if you logout of one application it
logs you out of all of them.
This bug implements this
You will need a CAS server (with single logout configure),
and at least 2 applications (one being Koha)
1/ In Koha login via CAS
2/ Login to the other application via CAS
3/ Logout of the other application
4/ Notice you are still logged into Koha
5/ Log out of Koha
6/ Apply patch
7/ Login to Koha via CAS, login to other app via CAS
8/ Log out of other app
9/ Notice you are logged out of Koha
If you dont have CAS, this patch should be a no op, you could test that
1/ Login and logout normally
2/ Apply patch
3/ Login and logout still work fine
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Patch works as described, local login still works correctly.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The login template must have a class attribute on the body tag in order
for the template to pass tests.
To test, apply the patch and confirm that the staff client login form
still looks the same. For further confirmation you could update the
IntranetUserCSS system preference with something like this:
.main_main-auth {
background-color: #CCF;
}
The login form should now have a different background color.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This reverts commit a67fdf3bd4.
I am not sure we already agreed on that: the UI let the ability to
choose different AV category for each frameworks. I think it should be
discussed widely before removing this possibility.
Even if I am pretty sure it is not handle correctly everywhere.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The MARC21 XSLT doesn't add html classes to distinguish between
certain elements, and there's no way to rely on the element
positioning, making it impossible to style the elements with CSS.
Add the missing classes to distinguish the elements.
Test plan:
1) Apply patch
2) Search for any biblios
3) Check the search result page table HTML to see that the
"Publisher", "Edition", "Source", "Other title", and "Online access"
are wrapped in a span with class of results_summary and one
of "publisher", "edition", "source", "other_title", and
"online_access"
4) Check that the search results of the elements above looks correct
when compared to the other elements
Signed-off-by: Pasi Kallinen <pasi.kallinen@joensuu.fi>
Signed-off-by: Sebastian Hierl <s.hierl@aarome.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Fix the same error in another place
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
If you use bulkmarcimport.pl to import records with items it looks
like the successfull insert of the record is reported multiple time,
but the second and subsequent "ok" is really related to importing
the item(s).
This patch changes the log message on successfully inserting an item
to match the log message given when inserting an item fails.
To test, the easy way:
- Look at lines 530 and 536 of bulkmarcimport.pl, and note that the
"op" in those two lines are different
- Apply the patch
- Look at lines 530 and 536 again, and note that the "op" is now
identical, and that this makes sense, since they are both related
to the same operation, specifically inserting an item
To test, the hard way
- Have some records with items
- Import the records with bulkmarcimport.pl, and make sure to specify
the -l option, to create a log of the actions taken
- Look at the log and verify it looks something like this:
id;operation;status
1;insert;ok
1;insert;ok
2;insert;ok
2;insert;ok
- Apply this patch and import some more records with items. The log
should now be similar to this:
id;operation;status
1;insert;ok
1;insertitem;ok
2;insert;ok
2;insertitem;ok
Signed-off-by: Maksim Sen <maksim.sen@inlibro.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
There should be a space between patron name and cardnumber on the check
out screen.
This patch adds a space between patron and cardnumber.
To test:
1 type a patron name into the check out search or go to the check out
tab from a patron record
2 Confirm there is no space between patron name and cardnumber on the
check out page
3 apply patch
4 confirm there is now a space
5 sign off :)
Signed-off-by: Sebastian Hierl <s.hierl@aarome.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
There's javascript code in opac detail view that tries to replace
the word "Show" with "Hide" (and vice versa) in a title attribute.
In addition to those words being untranslatable, a word replacement
like that would not work properly when using other languages.
Replace the single title attribute with two translatable strings,
one for the "Show" case and one "Hide", and use the whole
string instead of trying to replace a single word.
Test plan:
1) Make sure OpacBrowseResults is on
2) in OPAC, search the catalog and go to the detail view
3) Hover the mouse over the "Browse results" text in the grey box on the
right side. The popup text should show something like
"Show pagination list (1-5 / 5)"
4) Click on the "Browse results"
5) Hover the mouse again over the text. The popup should show
"Hide pagination list (1-5 / 5)"
6) Update a language xx-YY, translate the new msgids
"Show pagination list (%s-%s / %s)" and
"Hide pagination list (%s-%s / %s)", and install the language
7) Repeat 2-5 with that language, making sure the popup
texts show up correctly in that language
Signed-off-by: Pasi Kallinen <pasi.kallinen@joensuu.fi>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds a check in admin-home.pl to see whether plugins are
enabled. If plugins are disabled, the link to plugins management is
hidden even if the user has plugin management permission.
To test, view the administration home page with plugins enabled and
disabled via the enable_plugins flag in the Koha configuration file.
Also test using users with different plugins permissions:
- Plugins enabled
- CAN_user_plugins = 1
-> Plugins link appears
- CAN_user_plugins = 0
-> Plugins link hidden
- Plugins disabled
- CAN_user_plugins = 1,
- CAN_user_plugins = 0
-> Plugins link hidden
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Differences in markup around some toolbars has the potential to create
CSS styling problems. This patch changes the markup to be consistent
with other instances of <div id="toolbar"></div>
To test, apply the patch and view these pages:
- Course reserves (main page)
- Course reserves -> Course detail page
- Reports -> Dictionary
On each of these pages the toolbar should look correct.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
1 - grep get_biblionumber_from_isbn
2 - verify all occurences are not actual calls (except for test)
3 - Apply patch
4 - grep get_biblionumber_from_isbn
5 - Verify it is removed
Signed-off-by: Roch D'Amour <roch.damour@inlibro.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The following output:
dh: Compatibility levels before 9 are deprecated (level 7 in use)
dh_testdir -O--fail-missing
dh_auto_clean -O--fail-missing
dh_auto_clean: Compatibility levels before 9 are deprecated (level 7 in use)
dh_clean -O--fail-missing
is given when trying to following these instructions:
https://wiki.koha-community.org/wiki/Building_Debian_Packages_-_The_Easy_Way
This merely tweaks the debian/compat file from 7 to 9.
The message goes away.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
From https://www.debian.org/doc/manuals/maint-guide/dother.en.html:
You may use compat level v9 in certain circumstances for compatibility with older systems. However, using any level below v9 is not recommended and should be avoided for new packages.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test Plan:
0.1 - find at least one biblionumber that has at least one item checked out
0.2 - find at least one biblionumber that has zero items checked out.
1 - Go into the module "Tools > Batch record deletion"
2 - in "List of biblionumbers or authority ids (one per line)" put the values you found in step 0.1 and 0.2
3 - click continue
4 - biblionumbers with at least one item checked out should not be clickable.
5 - biblionumbers with zero items checked out should be clickable.
6 - click "Select all" and "Clear all", both buttons should change the "checked" status of the enabled AND disabled biblionumber checkboxes.
7 - apply patch
8 - click "Select all" and "Clear all", both buttons should change the "checked" status of ONLY the enabled biblionumber checkboxes.
Signed-off-by: JM Broust <jean-manuel.broust@univ-lyon2.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The file is no longer used (is it?) and the project looks dead. Let
remove that file.
Signed-off-by: Roch D'Amour <roch.damour@inlibro.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch corrects the favicon.ico path for the installer.
On git installs, it used to point to ./koha-tmpl/favicon.ico,
and on regular installs, it probably just didn't work.
https://bugs.koha-community.org/show_bug.cgi?id=20173
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch removes some HTML and ico files that are no longer
used in Koha.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes template and CSS changes so that the staff client main
page doesn't get an unwanted top margin from the Bootstrap-grid
conversion.
- The unused "main" class is removed from the login page
- The "main" class on the staff client home page is changed to
"intranet-main."
- The CSS for the staff client home page has been modified accordingly.
To test, apply the patch and clear your browser cache if necessary.
- Open the staff client login page. It should look as it always does.
- Log in and check the style of the main page. There should be no white
margin at the top of the page.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Followed test plan. Patch functions as described and both commands execute.
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This attempts to handle issues arising when running
koha-create on a system that never had MySQL installed.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This tweaks the perldoc for SendQueuedMessages and adds
some for _get_unsent_messages.
TEST PLAN
---------
perldoc C4::Letters
-- look at _add_attachments (ugly), _get_unsent_messages (non-existent),
SendQueuedMessages (no reference to borrowernumber or letter_code).
apply patch
perldoc C4::Letters
-- confirm that SendQueuedMessages and _get_unsent_messages
have reasonable POD information.
-- notice how _add_attachments' POD is now readable
run koha qa test tools
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Run through the password reset process, and your server
should send the message immediate, not waiting for the
cronjob.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Run the following commands:
kshell
prove -v t/db_dependent/Letters.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This is a QA follow-up of bug 19436, submitted separately for ease of
backporting it. (The bug was not raised by 19436.)
Obviously, the number of authority servers not biblio servers should
be the key factor for showing or hiding the button for new authority
records via Z39.50/SRU.
Trivial fix.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
1. In staff client, set your username to firstname
2. Add userid to BorrowerUnwantedField system preference
3. Go to your patron modification screen (memberentry.pl) and click Save
4. Observe you get kicked out into login screen, saying:
Error: You do not have permission to access this page.
Log in as a different user
5. Apply patch and restart plack
6. Set your username back to firstname
7. Repeat step 3
8. Observe you were not kicked out and your userid stays the same
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Replaces "or" with "||" in variable assignment
second attempt to retrieve borrower was not being executed due
to changed precedence
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Actually catalog detail page shows for damaged and lost items the authorized value description if exists.
We must do the same for withdrawn information.
Test plan :
1) Set for items a subfield linked to items.withdrawn and using the authorized value category 'WITHDRAWN'
2) Edit the authorized value category to add value '2' and description 'Eaten by dog'
3) Edit an item to set this withdrawn value
4) Go to staff interface and look at items in record detail page /cgi-bin/koh/catalogue/detail.pl :
=> Without patch you see 'Withdrawn' and with patch you see 'Eaten by dog'
5) Go to OPAc and look at items in record detail page /cgi-bin/koha/opac-detail.pl :
=> Without patch you see 'Withdrawn' and with patch you see 'Eaten by dog'
Signed-off-by: delaye <stephane.delaye@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
0) Aplly only first patch
1) You will be able to submit a from on member-password.pl even if the
passwords don't match
2) Apply this patch -> you can't be able to submit the form if the
paswords don't match, but you'll be able to submit the form when
password fields are blank
Signed-off-by: Roch D'Amour <roch.damour@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
0) Do not apply the patch, note the password field is always required
1) Apply the patch
2) Try to add and edit patron with and without "password" in BorrowerMandatoryField, it should always respect this setting
3) Use "Change password" button in patron toolbar, the password field
should be never required here - when leaved blank, the password is
unchanged
4) Play with minPasswordLength and RequireStrongPassword preferences,
to ensure they work as expected
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Fixes this error:
Undefined subroutine &main::MarkIssueReturned called at
misc/cronjobs/longoverdue.pl line 316.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The longoverdue.pl option --mark-returned doesn't work unless the
--charge option is used as well.
Test Plan:
1) Run long overdue with --mark-returned and not --charge,
note your items are marked lost but not returned
2) Apply this patch
3) Repeat step 1, the items should now get returned!
Tested with (for example):
misc/cronjobs/longoverdue.pl --lost 10=1 --mark-returned --verbose
--confirm
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Trivial and hypothetical fix.
If you create /root/AA B (space in dirname), the quotes added here will
help you to get back where you came from.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch makes koha-plack jump into the instance's home directory to
run.
It is required because Perl 5.18 introduced a breaking change that
makes perl die if @INC includes directories for which the user doesn't
have read permission, and need to be traversed when querying for a lib.
This is the case of '.', which is introduced automatically into @INC
until Perl 5.26 (which removes the 'feature').
The Mojolicious::Plugins lib prefixes the plugin names with
'Mojolicious::Plugin' so it first looks (for example) for
Mojolicious::Plugin::Koha::REST::Plugin::Pagination (Pagination is just
the first one on the list). When it looks for it at '.' it dies (because
of Perl's behaviour) so it doesn't query for the right namespace (the
following to try).
I only reproduced it in koha-testing-docker. To test, you just need to
try this patched koha-plack and make sure it doesn't break due to this
permissions issue.
To test:
- In your koha-testing-docker clone, run:
$ docker-compose up -p test
- Open a shell inside the container (on a separate terminal):
$ docker exec -it test_koha_1 bash
- From within the /root directory, restart plack:
$ cd /root
$ koha-plack --restart kohadev
=> FAIL: Logs show plack is broken due to permissions problems trying to
find Mojolicious::Plugin::Koha::REST::Plugin::Pagination
- Use the patched script from this patch:
$ /kohadevbox/koha/debian/scripts/koha-plack --restart kohadev
=> SUCCESS: Plack runs fine, no error in the logs
- Sign off :-D
Note: people who has environments in which the problems is reproducible,
please test this version of koha-plack and stamp your sign-off,
PLEASE.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Test plan:
1) Go to Tools -> Batch patrons modification
2) Select some patrons and try to change any field
--> without patch - it exploads with log:
Can't call method "category" on unblessed reference at /home/vagrant/kohaclone/tools/modborrowers.pl
--> with patch - the modification is properly made
Signed-off-by: Roch D'Amour <roch.damour@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
If you have an item-level hold, changing an attribute (like priority,
pickup location or suspended until date) makes the hold a biblio-level
hold, because ModReserve is not passed the current itemnumber.
This patch uses the hold's itemnumber and passes it to the ModReserve
call.
To test:
- Run the regression tests from the previous patch:
$ kshell
k$ prove t/db_dependent/api/v1/holds.t
=> FAIL: Tests fail
- Apply this patch
- Run the tests:
$ kshell
k$ prove t/db_dependent/api/v1/holds.t
=> SUCCESS: Tests pass!
- Sign off :-D
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This test does obviously not achieve the desired result:
[ "chdir" != "no" ]
Trivial fix.
Adding the same quotes around starting_dir (just as for Bug 19546).
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
In order to patch production sites we need to adjust the shipped
cronjobs so they are called with the --chdir option switch.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Until Perl 5.26, the current directory is added to @INC when running a
Perl script [1]. Having the current directory in @INC means it can be
tried to be traversed when performing a lib lookup. Since version 5.18,
Perl dies when it finds an unreadable directory (permissions) in @INC
that needs to be traversed. This behaviour won't change because Perl
devs consider it an enhancement to security. [2]
Because of this, we need to make sure our scripts are ran **from** a
directory in which they have read permissions.
Ths patch adds a --chdir option switch to the **koha-foreach** wrapper
script, that makes the inner shells/scripts to be ran within the Koha
instance's user home directory.
The change is trivial and should be QAed easily. I tested this on a prod
server:
- Create a /tmp/test.pl file containing:
use Modern::Perl;
use Cwd;
my $dir = getcwd;
warn $dir;
1;
A) then create a cronjob entry to run it using koha-foreach:
(in /etc/cron.d/test):
1/* * * * * root koha-foreach perl /tmp/test.pl
- Once I noticed the cronjob ran, I used mutt to read the emails in the
root user.
=> FAIL:
...
Subject: Cron <root@koha> koha-foreach --enabled perl /tmp/test.pl
"/root"
"/root"
"/root"
"/root"
"/root"
...
B) I then used the patched koha-foreach with different results:
=> SUCCESS:
...
Subject: Cron <root@koha> /root/koha-foreach --chdir --enabled perl /tmp/test.pl
"/var/lib/koha/acaderc"
"/var/lib/koha/agro"
"/var/lib/koha/anc"
"/var/lib/koha/arico"
"/var/lib/koha/artes"
...
So this patch's approach works. But...
C) master's koha-foreach seems to work just the same... I think it is
because of my previous attempt to fix this by using sudo in koha-shell.
So I think environmental conditions affect the behaviour (which shell is
configured for cron, sudo configuration, etc).
====
In conclusion, I think we should go ahead with this patch as it will solve
peoples issues, and it is a right solution (option #5 on the list) to
this Perl behaviour change. It doesn't cover other commands, but
followup patches could do.
I avoided /tmp as it is writable by any user... so it is an easy path
for both exploiting by replacing some lib, and also because the
existence of an unreadable dir that the interpreter could try to
traverse (unreadable /tmp/Authen or /tmp/Koha will trigger the same
error, and I assume people know what they are putting on the instance's
dir, at least it will be easier to track).
A followup patch takes care of making the cronjobs use --chdir when
calling koha-foreach
[1] https://lists.debian.org/debian-devel-announce/2016/08/msg00013.html
[2] https://rt.perl.org/Public/Bug/Display.html?id=123795
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
