Main Koha release repository https://koha-community.org
Rudolf Byker 0e9ea3c9f5
Bug 37543: Use CSRF tokens in connexion_import_daemon.pl
Since version 24.05, due to the changes mentioned at
https://wiki.koha-community.org/wiki/Koha_/svc/_HTTP_API#Changes_coming_in_Koha_24.05 ,
the `connexion_import_daemon.pl` stopped working. The reason for this is that
it did not use CSRF tokens.

To test:
1. Get a Koha instance on 24.05, before applying the patch.
2. Create a plain text file somewhere on the server containing a raw MARC
   record (not XML). Let's call it `marc.txt`.
3. On the server, create a config file like this:
```
host: 0.0.0.0
port: 5500
koha: http://localhost:82  # Where 82 is the port of the Koha staff interface.
user: foo  # A Koha staff user.
password: Fooo1234  # The Koha staff user's password.
import_mode: stage
```
4. Run `./connexion_import_daemon.pl --config the-config-file-path`
5. In another terminal on the same server (or from anywhere that can reach the
   port opened by the `connexion_import_daemon.pl` script),
   run `nc localhost 5500 < marc.txt`
6. Observe in the stderr of the daemon script: `Response: Unsuccessful request`
7. Stop the daemon script.
8. Apply the patch and repeat steps 4 and 5.
9. Observe in the stderr of the daemon script:
   `Response: Success.  Batch number ... - biblio record number HASH(...) added to Koha`
10. Check at /cgi-bin/koha/tools/manage-marc-import.pl for a batch named
    `(webservice)`. It should contain one record now. This is how we know that
    authentication between the daemon and Koha worked, which is what this
    patch tries to address.

Thanks-to: David Cook <dcook@prosentient.com.au>
Sponsored-by: Reformational Study Centre <www.refstudycentre.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-08-16 17:33:42 +02:00
acqui Bug 37343: Fixed search for vendors when transferring an item in acquistions 2024-07-22 07:37:24 +01:00
admin Bug 37263: Fix URL param retrieval 2024-08-02 18:59:56 +02:00
api Bug 36217: Fix background jobs page's include_last_hour filter 2024-08-09 17:36:19 +02:00
authorities Bug 37235: Fix export of single authority record 2024-07-08 17:49:19 +02:00
basket
bin
bookings
C4 Bug 37508: (QA follow-up) Use ->check_columns 2024-08-16 16:22:26 +02:00
catalogue Bug 37425: Check for existence of biblio object before fetching cover images 2024-07-25 11:01:29 +01:00
cataloguing Bug 37371: Move Maskito init to onReady in dateaccessioned.pl 2024-07-22 07:33:18 +01:00
circ Bug 37210: Properly escape SQL query parameters by using bind values 2024-08-01 17:26:46 +02:00
clubs
course_reserves Bug 28762: Use Koha::Course in course-details controller 2024-07-23 16:04:05 +01:00
debian Bug 29507: Speed up auto renew cronjob via parallel processing 2024-07-05 15:48:11 +02:00
docs Bug 37003: (follow-up) Amend 22.11 RMaint 2024-06-25 18:34:14 +02:00
erm
errors
etc Bug 29507: Speed up auto renew cronjob via parallel processing 2024-07-05 15:48:11 +02:00
ill Bug 35106: CSRF fix 2024-04-29 18:53:09 +02:00
installer Bug 37593: Removed all instances of 'this this' in the codebase 2024-08-16 16:22:17 +02:00
Koha Bug 36736: Load plugins at the start of background job processing 2024-08-16 17:33:41 +02:00
koha-tmpl Bug 37536: Update conditional to check for 'cud-saveitem' 2024-08-16 17:33:42 +02:00
labels Bug 37206: Removing an item from a label batch should be a CSRF-protected POST operation 2024-07-02 17:20:38 +02:00
lib Bug 35681: Use ::Bootstrap version of FromANSI 2024-05-02 16:47:39 +02:00
members Bug 28924: (QA follow-up) Use $self instead of $patron 2024-07-18 18:25:55 +02:00
misc Bug 37543: Use CSRF tokens in connexion_import_daemon.pl 2024-08-16 17:33:42 +02:00
offline_circ
opac Bug 37370: Return 400 if OpacExportOptions does not contain the passed format 2024-08-16 16:22:23 +02:00
patron_lists
patroncards Bug 36877: (follow-up) Fix op eq edit to op eq edit_form in edit-batch.pl 2024-05-17 12:03:52 +02:00
plugins
pos Bug 33478: Apply formatting to RECEIPT 2024-04-26 20:15:44 +02:00
preservation
recalls Bug 33478: Apply formatting to RECALL_REQUESTER_DET 2024-04-26 20:15:45 +02:00
reports Bug 37508: Don't return Internal server error when running report 2024-08-16 16:22:27 +02:00
reserve Bug 30579: Disentangle multi-hold and single bib forms 2024-05-07 15:53:57 +02:00
reviews Bug 37074: Comment approval and un-approval should be CSRF-protected 2024-08-01 17:26:34 +02:00
rotating_collections
serials Bug 37247: Fix display of "closed" 2024-08-01 17:26:38 +02:00
services
skel
suggestion Bug 37337: Pass the save $op when biblio_exists 2024-07-18 17:53:12 +02:00
svc Bug 37508: Throw error if password column is detected in SQL report 2024-08-16 16:22:23 +02:00
t Bug 37508: (QA follow-up) Use ->check_columns 2024-08-16 16:22:26 +02:00
tags
tools Bug 37488: Validate paths in datalink.txt/idlink.txt files 2024-08-16 16:22:21 +02:00
virtualshelves Bug 37285: (QA follow-up) Perl Tidy 2024-07-26 13:56:33 +01:00
xt Bug 37018: Add 400 response definition to all routes 2024-08-01 17:26:44 +02:00
.editorconfig
.eslintrc.json Bug 36400: Centralize {js,ts,vue} formatting config in .prettierrc.js 2024-04-22 08:57:39 +02:00
.gitignore Bug 36546: (QA follow-up) Add bundle spec to .gitignore 2024-04-30 15:55:37 -03:00
.htaccess
.mailmap Bug 36943: (follow-up) 24.05.00 - Update .mailmap 2024-05-24 15:36:40 +02:00
.perlcriticrc
.perltidyrc
.prettierrc.js Bug 36400: (follow-up) remove option editorconfig from .prettierrc.js 2024-04-22 08:57:40 +02:00
.proverc.dist
.stylelintrc.json
about.pl Bug 37260: Check message broker for both 'about' and 'sysinfo' tabs 2024-07-22 07:35:31 +01:00
app.psgi Bug 36149: Add userenv middleware to app.psgi 2024-05-14 15:04:37 -03:00
build-resources.PL
changelanguage.pl
cpanfile Bug 25159: Add ability to specify a pre-modified version of action log data and store as diff 2024-05-02 16:47:42 +02:00
cypress.config.ts
fix-perl-path.PL
gulpfile.js Bug 36730: (Bug 35428 follow-up) po files (sometimes) fail to update 2024-05-07 15:53:44 +02:00
help.pl
INSTALL
Koha.pm Bug 36758: DBRev 24.06.00.023 2024-08-09 18:44:52 +02:00
kohaversion.pl
LICENSE
mainpage.pl Bug 30493: (QA follow-up) Fix for the only_my_library case as well 2024-06-21 15:02:54 +02:00
Makefile.PL Bug 36546: Deploy swagger_bundle.json via make 2024-04-30 14:32:10 +02:00
MANIFEST.SKIP
package.json Bug 37303: Replace po2json with a JS version 2024-07-26 14:49:53 +01:00
README
README.md
README.robots
rewrite-config.PL
tsconfig.json
webpack.config.js Bug 35919: Add record sources admin page 2024-04-26 17:06:04 +02:00
yarn.lock Bug 37303: Update yarn.lock after adding new dependency to packages.json 2024-08-05 15:32:23 +02:00

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker. To report a bug or submit a patch, visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/
