Main Koha release repository https://koha-community.org
Amit Gupta 4da9bd00e1
Bug 37323: Escape characters in patron image picture upload
To Test
1. Create a file named, for example: test.zip`curl xxxxtesting.informaticsglobal.com`.zip
   where the domain is one you can watch the logs from.
2. Go to Tools, click on Upload patron images, choose the zip file option and upload the file.
3. Check /var/log/apache2/access.log and see the curl request with the IP:
   xx.xxx.xx.xxx - - [11/Jul/2024:23:10:33 +0530] "GET / HTTP/1.1" 200 267 "-" "curl/7.68.0"
4. Apply the patch.
5. Repeat steps 2 and 3 and check that no remote execution error occurs.
6. Test that uploading an actual zip file and images still works.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2024-08-13 11:05:28 -03:00
acqui Bug 35927: Selecting MARC framework again doesn't work when adding to basket from an external source 2024-05-30 19:10:54 +00:00
admin Bug 33099: Add missing MARC21 Match authority mappings so "Search all headings" search works 2024-05-30 19:29:19 +00:00
api Bug 37018: Add 400 response definition to all routes 2024-07-23 04:42:52 +00:00
authorities Bug 36792: Limit POSIX imports 2024-05-31 15:56:28 +00:00
basket Bug 34731: Don't call SendQueuedMessages if message_id is bad 2023-09-14 07:54:48 -10:00
bin
C4 Bug 36520: Prevent SQL injection in GetPreparedLetter 2024-06-07 13:16:28 +00:00
catalogue Bug 36834: (Bug 29697 follow-up) Koha explodes when trying to open in Labeled MARC view a bibliographic record with an invalid biblionumber 2024-05-31 13:11:16 +00:00
cataloguing Bug 36792: Limit POSIX imports 2024-05-31 15:56:28 +00:00
circ Bug 37210: Properly escape SQL query parameters by using bind values 2024-07-23 23:16:39 +00:00
clubs Bug 30718: Use flatpickr's altInput 2022-08-19 08:26:31 -03:00
course_reserves Bug 20256: Use new methods 2023-02-02 11:59:26 -03:00
debian Bug 36531: Serve text/javascript compressed, like application/javascript is 2024-05-28 17:46:35 +00:00
docs Bug 35504: Corrections to wiki team 2024-02-02 16:16:48 +00:00
erm Bug 32922: Remove space in shebang 2023-02-20 09:44:06 -03:00
errors Bug 29420: HTTP status code incorrect when calling error pages directly under Plack/PSGI 2022-04-20 09:03:39 -10:00
etc Bug 34041: (follow-up) escape double dashes to prevent issues 2024-05-30 19:07:54 +00:00
ill Bug 28909: Allow illview to use backend template 2022-08-09 13:21:39 -03:00
installer Increment version for 23.05.13 release 2024-07-25 05:10:56 +00:00
Koha Merge branch '23.05.x' into 23.05.x-security 2024-07-25 04:53:25 +00:00
koha-tmpl Bug 37255: Fix handling of "All" values on waiting hold cancellation policy 2024-08-13 11:05:27 -03:00
labels Bug 36511: Some scripts missing a dependency following Bug 24879 2024-04-11 14:28:13 +00:00
lib/CGI/Session/Serialize Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
members Bug 33849: Do not reset new patrons home library when error occurs 2024-05-30 19:15:53 +00:00
misc Update release notes for 23.05.13 release 2024-07-29 11:50:15 +12:00
offline_circ Bug 33961: Remove built-in offline circ tool 2023-07-17 08:18:59 +01:00
opac Bug 36816: Remove warning 2024-07-15 06:28:26 +00:00
patron_lists Bug 16446: Add ability to add patrons to list by borrowernumber 2021-10-21 12:24:04 +02:00
patroncards Bug 24001: Fix patron card template edition 2022-04-28 10:49:20 -10:00
plugins Bug 30367: (follow-up) Same adjustment for gitlab 2023-05-05 10:18:57 -03:00
pos Bug 34731: Don't call SendQueuedMessages if message_id is bad 2023-09-14 07:54:48 -10:00
recalls Bug 34013: Recalls awaiting pickup doesn't show count on each tab 2023-07-17 14:51:00 +01:00
reports Bug 31988: Remove reports/itemtypes.plugin 2024-03-26 15:54:33 +00:00
reserve Bug 35979: Check pref before inserting holds_queue background jobs 2024-05-28 20:22:48 +00:00
reviews Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
rotating_collections Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
serials Bug 37247: [23.05.x] Send Koha::Subscription to template 2024-07-25 02:17:34 +00:00
services Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
skel
suggestion Bug 34963: Restore the ability to blank fields when editing a suggestion 2024-05-28 19:45:09 +00:00
svc Bug 34913: Adjust C4::Utils::DataTables::VirtualShelves 2024-03-19 19:19:13 +00:00
t Merge branch '23.05.x' into 23.05.x-security 2024-07-25 04:53:25 +00:00
tags Bug 30718: Use flatpickr's altInput 2022-08-19 08:26:31 -03:00
tools Bug 37323: Escape characters in patron image picture upload 2024-08-13 11:05:28 -03:00
virtualshelves Bug 36858: Remove warnings 2024-05-31 13:21:45 +00:00
xt Bug 37018: Add 400 response definition to all routes 2024-07-23 04:42:52 +00:00
.editorconfig Bug 27375: Set YAML file settings in .editorconfig 2021-11-03 15:40:52 +01:00
.eslintrc.json
.gitignore Bug 35174: Add misc/translator/po to .gitignore 2023-11-22 09:34:59 +01:00
.htaccess
.mailmap Bug 36943: (follow-up) 24.05.00 - Update .mailmap 2024-05-31 15:30:58 +00:00
.perlcriticrc
.perltidyrc Bug 30002: Adjust perltidy 2023-07-12 07:55:00 +01:00
.proverc.dist Bug 19821: Install sample data, ES mappings and Version syspref 2021-10-25 11:27:40 +02:00
.stylelintrc.json Bug 31528: (follow-up) A few additional rules 2022-10-03 08:23:15 -03:00
about.pl Bug 36134: Read complete Elasticsearch configuration in about.pl 2024-03-19 20:05:37 +00:00
app.psgi Bug 36149: Add userenv middleware to app.psgi 2024-05-01 15:35:19 +00:00
build-resources.PL Bug 32609: Use the current yarn.lock to generate node_modules 2023-02-10 11:07:57 -03:00
changelanguage.pl
cpanfile Bug 33964: (QA follow-up) Remove library from cpanfile 2023-08-07 20:05:46 -10:00
cypress.json Bug 33408: Extend defaultCommandTimeout for cypress 2023-04-13 11:48:00 -03:00
fix-perl-path.PL Bug 28606: Remove $DEBUG and $ENV{DEBUG} 2021-06-24 11:53:44 +02:00
gulpfile.js Bug 36730: (Bug 35428 follow-up) po files (sometimes) fail to update 2024-05-28 21:44:03 +00:00
help.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
INSTALL
Koha.pm Increment version for 23.05.13 release 2024-07-25 05:10:56 +00:00
kohaversion.pl
LICENSE
mainpage.pl Bug 35019: Add a CSRF token when deleting news 2023-10-25 20:22:12 -10:00
Makefile.PL Bug 26700: Remove occurrences in Makefile.PL 2023-07-17 11:01:46 +01:00
MANIFEST.SKIP
package.json Bug 33066: Introduce a KohaTable Vue component 2023-04-10 07:38:28 -03:00
README
README.md
README.robots
rewrite-config.PL
tsconfig.json Bug 32030: Move cypress to t - fix build_js/watch_js 2022-11-08 09:44:52 -03:00
webpack.config.js Bug 32806: Move main-erm.ts to modules/erm.ts 2023-02-27 11:12:01 -03:00
yarn.lock Bug 33066: Introduce a KohaTable Vue component 2023-04-10 07:38:28 -03:00

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker, to report a bug or submit a patch visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/
