Main Koha release repository https://koha-community.org
Tomas Cohen Arazi 4452036d1c
Bug 25009: Avoid leakages in opac-showmarc.pl
This patch cleans opac-showmarc.pl so it doesn't allow retrieving
records from import batches without requiring any permissions in the
OPAC.

It does so by just removing the code portion that does that.

It also cleans the record fetch operation and how the record processor
is initialized so it actually works :-D

To test:
1. Perform a successful Z39.50 search in cataloguing (this fetches 20
   records usually)
2. Query your DB for a valid import_record_id:
  $ koha-mysql kohadev
  > SELECT * FROM import_records LIMIT 1;
3. Notice some of the MARCXML details (title, author, etc), and the
   import_record_id
4. Point your browser to the opac-showmarc.pl URL like this:
   http://kohadev.mydnsname.org:8080/cgi-bin/koha/opac-showmarc.pl?importid=20
=> FAIL: You get the record! (Bonus: no field/subfield filtering takes place)
5. Hide some obvious subfield on the framework for a known (to you)
   biblionumber
6. Point your browser to:
   http://kohadev.mydnsname.org:8080/cgi-bin/koha/opac-showmarc.pl?id=<biblionumber_here>
=> FAIL: No filtering takes place
7. Apply this patch
8. Repeat 4
=> SUCCESS: You get an error because you did a bad request (no id param)
9. Repeat 6
=> SUCCESS: Subfield filtering actually works!
10. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-27 10:44:10 +01:00
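The two defects the commit message above describes (an unauthenticated `importid` path into staged import batches, and no framework-based subfield filtering on the `id` path) modelled side by side with the hardened behaviour, as an added Python example that is not Koha's own code. The function names, the in-memory stand-ins for the biblio and import_records tables, the simplified per-framework "hidden in OPAC" set and the MARCXML record are all constructed for illustration.

```python
"""
Model (added example, not Koha's Perl) of the two opac-showmarc.pl defects
from the Bug 25009 commit message and of the hardened behaviour:

  1. an unauthenticated OPAC record viewer must not accept an import-batch
     record id ("importid"): staged imports are a staff-side resource;
  2. subfields the bibliographic framework hides from the OPAC must be
     stripped before the record is shown.

Function names, the framework dict, the two in-memory "tables" and the
MARCXML below are all constructed for illustration.
"""
import xml.etree.ElementTree as ET

MARC_NS = "http://www.loc.gov/MARC21/slim"
NS = {"marc": MARC_NS}
ET.register_namespace("", MARC_NS)

# Constructed MARCXML, used both as a catalogue record and as a staged import.
SAMPLE_MARCXML = f"""<record xmlns="{MARC_NS}">
  <leader>00000nam a2200000 a 4500</leader>
  <controlfield tag="001">123</controlfield>
  <datafield tag="245" ind1="1" ind2="0">
    <subfield code="a">Example title</subfield>
    <subfield code="c">Example author</subfield>
  </datafield>
  <datafield tag="952" ind1=" " ind2=" ">
    <subfield code="x">internal staff note</subfield>
  </datafield>
</record>"""

# Constructed stand-ins for the biblio and import_records tables:
# biblionumber -> (frameworkcode, marcxml), import_record_id -> marcxml.
BIBLIOS = {1: ("BKS", SAMPLE_MARCXML)}
IMPORT_RECORDS = {20: SAMPLE_MARCXML}

# Constructed framework visibility: frameworkcode -> {(tag, subfield code)}
# hidden in the OPAC. Koha keeps this per framework in
# marc_subfield_structure.hidden; the shape here is deliberately simplified.
OPAC_HIDDEN = {"BKS": {("245", "c"), ("952", "x")}}


class BadRequest(Exception):
    """Required parameter missing or malformed."""


class NotFound(Exception):
    """No catalogue record for the given biblionumber."""


def filter_opac_hidden(marcxml, hidden):
    """Return MARCXML with framework-hidden subfields removed.

    A datafield left with no subfields is dropped entirely, so a field whose
    only subfield is hidden does not leak its tag and indicators either.
    """
    root = ET.fromstring(marcxml)
    for df in list(root.findall("marc:datafield", NS)):
        tag = df.get("tag")
        for sf in list(df.findall("marc:subfield", NS)):
            if (tag, sf.get("code")) in hidden:
                df.remove(sf)
        if not df.findall("marc:subfield", NS):
            root.remove(df)
    return ET.tostring(root, encoding="unicode")


def subfields(marcxml):
    """Inspection helper: the set of (tag, code) pairs present in a record."""
    root = ET.fromstring(marcxml)
    return {(df.get("tag"), sf.get("code"))
            for df in root.findall("marc:datafield", NS)
            for sf in df.findall("marc:subfield", NS)}


def show_marc_vulnerable(params):
    """Pre-fix behaviour: importid served with no permission check, and no
    framework filtering applied on either path."""
    if "importid" in params:
        return IMPORT_RECORDS[int(params["importid"])]
    _framework, marcxml = BIBLIOS[int(params["id"])]
    return marcxml


def show_marc_hardened(params):
    """Post-fix behaviour: only a numeric catalogue id is accepted (importid is
    simply not a parameter any more), and the record's framework visibility
    rules are applied before anything is returned to the browser."""
    raw = params.get("id")
    if raw is None or not str(raw).isdigit():
        raise BadRequest("missing or non-numeric id")
    entry = BIBLIOS.get(int(raw))
    if entry is None:
        raise NotFound(raw)
    framework, marcxml = entry
    return filter_opac_hidden(marcxml, OPAC_HIDDEN.get(framework, set()))


def hardened_rejects(params):
    """True if the hardened handler refuses the request with BadRequest."""
    try:
        show_marc_hardened(params)
    except BadRequest:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable importid=20 ->", sorted(subfields(show_marc_vulnerable({"importid": "20"}))))
    print("hardened   importid=20 -> BadRequest:", hardened_rejects({"importid": "20"}))
    print("hardened   id=1        ->", sorted(subfields(show_marc_hardened({"id": "1"}))))
```

Two points of the design mirror the test plan in the commit message: the hardened handler does not error specifically on `importid`, it simply never reads it, so the step-8 probe fails for lack of an `id` parameter; and hiding is done on the server before the record leaves the handler, since a hidden field that reaches the browser is already disclosed. Koha itself applies this kind of framework-driven hiding through Koha::RecordProcessor's ViewPolicy filter rather than the hand-rolled filter used here.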
acqui Bug 25223: Make join of aqbasket and aqorders explicit 2020-04-22 09:29:13 +01:00
admin Bug 20484: (RM follow-up) Highlight ES disablement 2020-04-21 12:14:13 +01:00
api/v1
authorities
basket
C4 Bug 20816: Add ability to define custom templated fields in SIP patron responses 2020-04-22 13:31:59 +01:00
catalogue Bug 23591: Hide archived suggestions 2020-04-14 16:36:41 +01:00
cataloguing Bug 24027: Call ModZebra once after all items added/deleted in a batch 2020-04-14 08:14:42 +01:00
circ Bug 24840: Replace DateTime->now with dt_from_string 2020-04-08 11:54:23 +01:00
clubs
course_reserves Bug 23727: Editing course reserve items is broken 2020-04-17 13:45:56 +01:00
debian Bug 16922: Add RewriteRule to apache-shared-intranet for dev package installs 2020-04-27 10:43:16 +01:00
docs Koha 19.12 - Dobbie is a free elf... 2019-12-02 17:13:15 +00:00
errors
etc Bug 20816: Add ability to define custom templated fields in SIP patron responses 2020-04-22 13:31:59 +01:00
ill Bug 23173: (follow-up) Small improvements in efficiency 2020-04-06 11:05:09 +01:00
installer Bug 24913: DBRev 19.12.00.078 2020-04-21 12:34:04 +01:00
Koha Bug 25172: Remove _recheck_logfile 2020-04-22 13:43:58 +01:00
koha-tmpl Bug 25172: Add missing filter 2020-04-22 13:44:16 +01:00
labels
members Bug 22534: (RM follow-up) Remove errant hidden file 2020-04-14 11:08:32 +01:00
misc Bug 24183: (RM follow-up) Remove re-introduced UseKohaPlugins 2020-04-22 12:24:27 +01:00
offline_circ
opac Bug 25009: Avoid leakages in opac-showmarc.pl 2020-04-27 10:44:10 +01:00
patron_lists
patroncards
plugins Bug 20415: Remove UseKohaPlugins system preference 2020-03-26 11:42:02 +00:00
pos Bug 25139: Corrections to date picker handling 2020-04-15 08:33:07 +01:00
reports Bug 24940: Serials statistics wizard: order vendor list alphabetically 2020-04-08 11:46:21 +01:00
reserve Bug 16547: Do not display "multi holds" view if only one is selected 2020-04-06 10:41:02 +01:00
reviews
rotating_collections
serials Bug 25081: Fix wrong comment 2020-04-08 11:53:37 +01:00
services
skel
suggestion Bug 24819: (follow-up) Rename suggestor to suggester 2020-04-20 13:36:42 +01:00
svc Bug 4461: Fix status and borrowernumber fields in problem_reports and more 2020-04-06 11:18:59 +01:00
t Bug 25172: Fix Auth_with_ldap.t 2020-04-22 15:43:16 +01:00
tags
tmp/modified_authorities
tools Bug 14369: Only show 'Create labels' link on staged records import when status is imported 2020-04-21 12:28:56 +01:00
virtualshelves
xt
.editorconfig
.eslintrc.json
.gitignore
.htaccess
.mailmap
.scss-lint.yml
about.pl Bug 25172: Identify and display possible problems on the about page 2020-04-22 13:44:12 +01:00
changelanguage.pl
cpanfile
fix-perl-path.PL
gulpfile.js
help.pl
INSTALL
Koha.pm Bug 24913: DBRev 19.12.00.078 2020-04-21 12:34:04 +01:00
koha_perl_deps.pl
kohaversion.pl
LICENSE
mainpage.pl Bug 4461: Fix status and borrowernumber fields in problem_reports and more 2020-04-06 11:18:59 +01:00
Makefile.PL Bug 25109: Add lockdir configuration entry 2020-04-14 16:56:44 +01:00
MANIFEST.SKIP Bug 9546 : Updating make manifest tardist 2013-02-06 23:54:46 -05:00
package.json
README
README.md
README.robots
rewrite-config.PL
yarn.lock

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: This is a synced mirror of the official Koha repo.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker, to report a bug or submit a patch visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/
