Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Main Koha release repository https://koha-community.org
28131 commits 35 branches 616 tags 1.8 GiB
Perl 45.6%
JavaScript 39.3%
HTML 7.2%
XSLT 3.7%
Vue 1.4%
Other 2.3%
Find a file
Jonathan Druart 4e40339db3 Bug 17830: CSRF - Handle unicode characters in userid 
If the userid of the logged in user contains unicode characters, the token
will not be generated correctly and Koha will crash with:
  Wide character in subroutine entry at /usr/share/perl5/Digest/HMAC.pm line 63.

Test plan:
- Edit a superlibrarian user and set his/her userid to '❤' or any other strings
with unicode characters.
- Login using this patron
- Search for patrons and click on a result.

=> Without this patch, you will get a software error (with "Wide
character in subroutine entry" in the logs).
=> With this patch, everything will go fine

You can also test the other files modified by this patch.

Signed-off-by: Karam Qubsi <karamqubsi@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-30 17:47:18 +00:00
acqui Bug 13726 - (QA followup) Fix vendor retrieval in invoices.pl 2016-12-30 11:54:33 +00:00
admin Bug 13726: Make Koha::Acq::Bookseller using Koha::Object 2016-12-30 11:54:32 +00:00
api/v1 Bug 17086: Reword borrowers to patrons in Swagger tags for holds 2016-11-22 11:31:08 +00:00
authorities Bug 17118: (follow-up 15381) Fix regression when clearing a linked authority 2016-09-02 14:01:34 +00:00
basket Bug 17830: CSRF - Handle unicode characters in userid 2016-12-30 17:47:18 +00:00
C4 Bug 17569: Remove C4::Members::GetUpcomingMembershipExpires 2016-12-30 11:55:14 +00:00
catalogue Bug 13726: Make Koha::Acq::Bookseller using Koha::Object 2016-12-30 11:54:32 +00:00
cataloguing Bug 16203: Convert item plugins to new style (see bug 10480) 2016-12-16 11:55:27 +00:00
circ Bug 17578: GetMemberDetails - Remove GetMemberDetails 2016-12-16 13:12:44 +00:00
course_reserves Bug 15758: Koha::Libraries - Remove GetBranchesLoop 2016-09-08 14:36:02 +00:00
debian Bug 17520: add serialsUpdate.pl to the list of regular cron jobs 2016-12-28 13:33:23 +00:00
docs Bug 7143 : More new devs 2016-07-22 17:14:08 +00:00
errors
etc Bug 13029 : Follow up 2016-12-16 11:33:39 +00:00
install_misc Bug 16770: Remove 2 other occurrences of libmemoize-memcached-perl 2016-06-24 14:05:56 +00:00
installer Bug 17767 - DBRev 16.12.00.001 2016-12-28 13:59:03 +00:00
Koha Bug 17569: [QA Follow-up] Small changes 2016-12-30 11:55:15 +00:00
koha-tmpl Bug 17209: Remove use of onclick from masthead 2016-12-28 13:47:15 +00:00
labels Bug 17301: Follow-up - Standardize headings 2016-09-25 15:49:10 +00:00
members Bug 17830: CSRF - Handle unicode characters in userid 2016-12-30 17:47:18 +00:00
misc Bug 17569: Do not limit by branch if option is not passed 2016-12-30 11:55:14 +00:00
offline_circ Bug 15902 [QA Followup] - Use Koha::Patrons instead of Koha::Borrowers 2016-09-27 13:53:23 +00:00
opac Bug 17830: CSRF - Handle unicode characters in userid 2016-12-30 17:47:18 +00:00
OpenILS
patron_lists
patroncards Bug 15415 [QA Followup] - Make code more readable 2016-12-23 11:31:00 +00:00
plugins Bug 16586: Koha Plugins: Limit results of GetPlugins by metadata 2016-09-09 12:13:39 +00:00
reports Bug 17642: [QA Follow-up] Issues_stats.pl is not plack safe 2016-11-18 15:52:01 +00:00
reserve Bug 17556: Koha::Patrons - Remove GetHideLostItemsPreference 2016-12-09 18:53:40 +00:00
reviews Bug 15839: Koha::Reviews - Remove C4::Review residue 2016-09-09 10:31:00 +00:00
rotating_collections Bug 15758: Koha::Libraries - Remove GetBranches 2016-09-08 14:36:03 +00:00
serials Bug 13726: Fix for serials/acqui-search-result.pl 2016-12-30 11:54:32 +00:00
services
skel
sms
suggestion Bug 17252 - Koha::AuthorisedValues - Remove GetAuthorisedValueByCode 2016-10-21 15:35:21 +00:00
svc Bug 17375: Search by dateofbirth - handle invalid dates 2016-10-27 13:18:32 +00:00
t Bug 17569: [QA Follow-up] Small changes 2016-12-30 11:55:15 +00:00
tags Bug 16154: CGI->multi_param - Assign a list 2016-04-26 23:16:43 +00:00
test
tmp/modified_authorities
tools Bug 17830: CSRF - Handle unicode characters in userid 2016-12-30 17:47:18 +00:00
virtualshelves Bug 17094: Make Koha::Virtualshelf methods return Koha::Objects-based objects 2016-10-11 13:14:46 +00:00
xt
.editorconfig
.htaccess Fix file permissions: if it is not a script, it should not be executable. 2010-04-16 00:40:34 -04:00
.mailmap
about.pl Bug 17274: Display the place where the memcached is picked 2016-11-02 10:55:54 +00:00
changelanguage.pl Bug 16776: Do not forget external language choice in language switcher 2016-08-10 13:51:33 +00:00
edithelp.pl Bug 16447: Remove occurrence of the borrow permission which does no longer exist 2016-05-05 21:28:14 +00:00
fix-perl-path.PL
help.pl Bug 16724: Fix link to the online documentation links 2016-06-24 12:00:42 +00:00
INSTALL Bug 17626: Remove existing install instructions and link to the wiki pages instead 2016-11-22 11:29:07 +00:00
install-CPAN.pl
Koha.pm Bug 17767 - DBRev 16.12.00.001 2016-12-28 13:59:03 +00:00
koha_perl_deps.pl
kohaversion.pl
LICENSE
mainpage.pl Bug 14610 - Add and update scripts 2016-10-26 12:15:14 +00:00
Makefile.PL Bug 16952: Czech language definitions for sorting in Zebra 2016-10-28 15:33:00 +00:00
MANIFEST.SKIP
README
README.md
README.robots
rewrite-config.PL

README.md

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: This is a synced mirror of the official Koha repo.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker, to report a bug or submit a patch visit http://bugs.koha-comminity.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/

Koha Logo