Main Koha release repository https://koha-community.org
David Cook 4741900611
Bug 37146: Prevent path traversal by validating input
This patch validates the plugin_name passed to plugin_launcher.pl
against the base path containing the "value_builder" directory.

Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Go to http://localhost:8081/cgi-bin/koha/cataloguing/addbiblio.pl?biblionumber=29
3. Check that the tag editor for leader still works
4. Go to http://localhost:8081/cgi-bin/koha/cataloguing/additem.pl?biblionumber=29
5. Check that the plugin for "Date acquired" still works

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-08-01 17:26:37 +02:00
acqui Bug 37343: Fixed search for vendors when transferring an item in acquisitions 2024-07-22 07:37:24 +01:00
admin Bug 37366: Patron category "Password change in OPAC" setting only follows system preference 2024-07-26 13:56:33 +01:00
api Bug 36480: (follow-up) Add missing library_id parameter 2024-07-22 14:52:29 +01:00
authorities Bug 37235: Fix export of single authority record 2024-07-08 17:49:19 +02:00
basket
bin
bookings
C4 Bug 37476: Fix reserved word error on Serials.pm on MySQL 8 2024-07-26 14:50:45 +01:00
catalogue Bug 37425: Check for existence of biblio object before fetching cover images 2024-07-25 11:01:29 +01:00
cataloguing Bug 37371: Move Maskito init to onReady in dateaccessioned.pl 2024-07-22 07:33:18 +01:00
circ Bug 36547: (QA follow-up) Tidy overdue.pl 2024-07-23 17:01:33 +01:00
clubs
course_reserves Bug 28762: Use Koha::Course in course-details controller 2024-07-23 16:04:05 +01:00
debian Bug 29507: Speed up auto renew cronjob via parallel processing 2024-07-05 15:48:11 +02:00
docs Bug 37003: (follow-up) Amend 22.11 RMaint 2024-06-25 18:34:14 +02:00
erm
errors
etc Bug 29507: Speed up auto renew cronjob via parallel processing 2024-07-05 15:48:11 +02:00
ill
installer Bug 35539: DBRev 24.06.00.021 2024-07-25 11:13:12 +01:00
Koha Bug 37146: Prevent path traversal by validating input 2024-08-01 17:26:37 +02:00
koha-tmpl Bug 37074: Do no pass biblionumber 2024-08-01 17:26:35 +02:00
labels Bug 37206: Removing an item from a label batch should be a CSRF-protected POST operation 2024-07-02 17:20:38 +02:00
lib
members Bug 28924: (QA follow-up) Use $self instead of $patron 2024-07-18 18:25:55 +02:00
misc Bug 37303: Replace po2json with a JS version 2024-07-26 14:49:53 +01:00
offline_circ
opac Bug 37339: Set messaging preferences from default on self registration 2024-07-18 17:53:11 +02:00
patron_lists
patroncards
plugins
pos
preservation
recalls
reports Bug 37108: Cash register statistics wizard is wrongly sorting payment by manager_id branchcode 2024-07-12 10:21:29 +02:00
reserve
reviews Bug 37074: Comment approval and un-approval should be CSRF-protected 2024-08-01 17:26:34 +02:00
rotating_collections
serials Bug 37183: Batch edit serial subscriptions sets expiration date to today 2024-07-01 18:55:40 +02:00
services
skel
suggestion Bug 37337: Pass the save $op when biblio_exists 2024-07-18 17:53:12 +02:00
svc Bug 37031: Club enrollment from staff interface fails due to Entrollment typo 2024-07-11 13:40:49 +02:00
t Bug 37476: Unit tests 2024-07-26 14:50:45 +01:00
tags
tools Bug 36815: (follow-up) Fix logic for new languages 2024-06-27 14:04:52 +02:00
virtualshelves Bug 37285: (QA follow-up) Perl Tidy 2024-07-26 13:56:33 +01:00
xt Bug 37302: Set test to failed if swagger-cli missing 2024-07-22 10:51:55 +01:00
.editorconfig
.eslintrc.json
.gitignore
.htaccess
.mailmap
.perlcriticrc
.perltidyrc
.prettierrc.js
.proverc.dist
.stylelintrc.json
about.pl Bug 37260: Check message broker for both 'about' and 'sysinfo' tabs 2024-07-22 07:35:31 +01:00
app.psgi
build-resources.PL
changelanguage.pl
cpanfile
cypress.config.ts
fix-perl-path.PL
gulpfile.js
help.pl
INSTALL
Koha.pm Bug 35539: DBRev 24.06.00.021 2024-07-25 11:13:12 +01:00
kohaversion.pl
LICENSE
mainpage.pl Bug 30493: (QA follow-up) Fix for the only_my_library case as well 2024-06-21 15:02:54 +02:00
Makefile.PL
MANIFEST.SKIP
package.json Bug 37303: Replace po2json with a JS version 2024-07-26 14:49:53 +01:00
README
README.md
README.robots
rewrite-config.PL
tsconfig.json
webpack.config.js
yarn.lock Bug 37302: (follow-up) Update yarn.lock 2024-07-24 07:49:53 +01:00

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker; to report a bug or submit a patch, visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developer handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/
