Koha/tools
Amit Gupta 50968f4c3f
Bug 37323: Escape characters in patron image picture upload
To Test
1. Create a file named, for example: test.zip`curl xxxxtesting.informaticsglobal.com`.zip
   where the domain is one you can watch the logs from.
2. Go to Tools and click on Upload patron images, choose the zip file option and upload the file.
3. Check /var/log/apache2/access.log and see the curl with the IP
   "xx.xxx.xx.xxx - - [11/Jul/2024:23:10:33 +0530] "GET / HTTP/1.1" 200 267 "-" "curl/7.68.0"
4. Apply the patch
5. Repeat steps 2 and 3 and check no error is coming for the Remote execution error.
6. Test that uploading an actual zip file and images still works.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 5c931e00f73e91467581fd29721e5af8d7fa98ab)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-08-16 16:22:19 +02:00
csv-profiles
access_files.pl Bug 33341: Address some perlcritic errors in 5.36 2023-03-28 14:50:33 +02:00
additional-contents.pl Bug 34478: op =~ ^cud- in pl/pm 2024-03-01 10:56:11 +01:00
ajax-inventory.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
automatic_item_modification_by_age.pl Bug 36634: Replace cud-show with show in tools/automatic_item_modification_by_age.pl 2024-04-19 18:06:38 +02:00
batch_delete_records.pl Bug 27893: Optionally skip biblio with open orders in batch delete 2024-04-19 18:06:32 +02:00
batch_extend_due_dates.pl Bug 34478: op =~ ^cud- in pl/pm 2024-03-01 10:56:11 +01:00
batch_record_modification.pl Bug 34478: SQUASH Follow-up to previous batch operations patches 2024-03-01 11:00:05 +01:00
batch_records_ajax.pl Bug 34913: Adjust "Manage staged MARC records" 2024-01-26 15:13:43 +01:00
batchMod.pl Bug 36326: Fix batch item mod/del access from biblio detail page 2024-03-22 12:26:36 +01:00
cleanborrowers.pl Bug 36526: Remove circular dependency from Koha::Objects 2024-05-03 16:02:44 +02:00
copy-holidays.pl Bug 34478: Changes for tools/holidays 2024-03-01 10:58:36 +01:00
csv-profiles.pl Bug 34478: Correct op name in CSV profile deletion confirmation step 2024-03-01 11:00:07 +01:00
exceptionHolidays.pl Bug 34478: Changes for tools/holidays 2024-03-01 10:58:36 +01:00
export.pl Bug 34478: op =~ ^cud- in pl/pm 2024-03-01 10:56:11 +01:00
holidays.pl Bug 30718: Use flatpickr's altInput 2022-08-19 08:26:31 -03:00
import_borrowers.pl Bug 34621: implement Patron import option to 'Renew existing patrons' 'from the current membership expiry date' 2024-04-12 14:02:41 +02:00
inventory.pl Bug 36305: (QA follow-up) Enforce op values in script 2024-03-15 09:38:55 +01:00
letter.pl Bug 36815: (follow-up) Fix logic for new languages 2024-06-27 14:04:52 +02:00
manage-marc-import.pl Bug 34478: op =~ ^cud- in pl/pm 2024-03-01 10:56:11 +01:00
marc_modification_templates.pl Bug 34478: Fixes for MARC modification template management 2024-03-01 11:00:05 +01:00
modborrowers.pl Bug 37129: Patron attributes linked to an authorized value don't show a select menu in batch modification 2024-06-21 15:02:48 +02:00
newHolidays.pl Bug 34478: Changes for tools/holidays 2024-03-01 10:58:36 +01:00
overduerules.pl Bug 34478: op =~ ^cud- in pl/pm 2024-03-01 10:56:11 +01:00
page.pl Bug 36875: Staff counterpart 2024-06-20 17:55:38 +02:00
picture-upload.pl Bug 37323: Escape characters in patron image picture upload 2024-08-16 16:22:19 +02:00
problem-reports.pl Bug 34478: Manual fix - problem_reports 2024-03-01 10:56:59 +01:00
quotes-upload.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
quotes.pl Bug 34478: op =~ ^cud- in pl/pm 2024-03-01 10:56:11 +01:00
scheduler.pl Bug 34478: (QA follow-up) Rename change to delete 2024-03-01 10:58:42 +01:00
showdiffmarc.pl Bug 31526: Follow-up for bug 29697 2022-09-16 10:25:48 -03:00
stage-marc-import.pl Bug 34478: Changes for tools/stage-marc-import 2024-03-01 10:58:40 +01:00
stockrotation.pl Bug 36193: cud- treatment for tools/stockrotation.pl 2024-03-12 17:47:33 +01:00
tools-home.pl Bug 33595: (bug 26628 follow-up) Fix authorization for tools-home.pl 2023-05-16 11:47:15 +02:00
upload-cover-image.pl Bug 34478: (follow-up) upload-cover-image.pl: Remove bitwise-and from condition 2024-03-01 10:59:56 +01:00
upload-file.pl Bug 28785: Adjust check_cookie_auth calls 2021-10-18 11:28:41 +02:00
upload.pl Bug 34478: Changes for tools/upload 2024-03-01 10:58:42 +01:00
viewlog.pl Bug 35782: Replace TT plugin's method Biblio::HoldsCount 2024-03-15 09:38:39 +01:00