Main Koha release repository https://koha-community.org
David Cook 623e1c5912
Bug 37464: Validate "type" sent to barcode/svc
This change validates the "type" sent to the barcode/svc. Without this
change, we pass the user input directly to GD::Barcode, which passes
the input into an eval{} block without any validation of its own.

Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=bad&barcode=123456
3. Note that a Code39 barcode is provided for an invalid type
4. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=Code39&barcode=123456
5. Note that a Code39 barcode is provided
6. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=UPCE&barcode=123456
7. Note that a non-Code39 barcode is provided (presumably UPCE)

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 73b0c3cf621250008845f22f7a36f90a48e00b06)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-08-16 16:22:21 +02:00
acqui Bug 37343: Fixed search for vendors when transferring an item in acquistions 2024-07-22 07:37:24 +01:00
admin Bug 37263: Fix URL param retrieval 2024-08-02 18:59:56 +02:00
api Bug 36217: Fix background jobs page's include_last_hour filter 2024-08-09 17:36:19 +02:00
authorities Bug 37235: Fix export of single authority record 2024-07-08 17:49:19 +02:00
basket Bug 34478: Add 'op' to sendbasketform 2024-03-01 10:58:53 +01:00
bin Bug 20582: Turn Koha into a Mojolicious application 2020-10-06 12:00:04 +02:00
bookings Bug 35574: Bookings tab from biblio details should only require manage_bookings permission 2023-12-18 15:21:04 +01:00
C4 Bug 37104: (Follow-up) Checks for unitialized value of 'anonymous_patron' system pref 2024-08-16 16:22:19 +02:00
catalogue Bug 37425: Check for existence of biblio object before fetching cover images 2024-07-25 11:01:29 +01:00
cataloguing Bug 37371: Move Maskito init to onReady in dateaccessioned.pl 2024-07-22 07:33:18 +01:00
circ Bug 37210: Properly escape SQL query parameters by using bind values 2024-08-01 17:26:46 +02:00
clubs Bug 34478: Manual fix - add op clubs/templates-add-modify 2024-03-01 10:57:55 +01:00
course_reserves Bug 28762: Use Koha::Course in course-details controller 2024-07-23 16:04:05 +01:00
debian Bug 29507: Speed up auto renew cronjob via parallel processing 2024-07-05 15:48:11 +02:00
docs Bug 37003: (follow-up) Amend 22.11 RMaint 2024-06-25 18:34:14 +02:00
erm Bug 32922: Remove space in shebang 2023-02-20 09:44:06 -03:00
errors Bug 36148: Improve error handling and restore programming errors 2024-03-01 11:01:06 +01:00
etc Bug 29507: Speed up auto renew cronjob via parallel processing 2024-07-05 15:48:11 +02:00
ill Bug 35106: CSRF fix 2024-04-29 18:53:09 +02:00
installer Bug 37593: Removed all instances of 'this this' in the codebase 2024-08-16 16:22:17 +02:00
Koha Bug 37593: Removed all instances of 'this this' in the codebase 2024-08-16 16:22:17 +02:00
koha-tmpl Bug 37575: Typo 'AutoCreateAuthorites' in about.pl 2024-08-16 16:22:18 +02:00
labels Bug 37206: Removing an item from a label batch should be a CSRF-protected POST operation 2024-07-02 17:20:38 +02:00
lib Bug 35681: Use ::Bootstrap version of FromANSI 2024-05-02 16:47:39 +02:00
members Bug 28924: (QA follow-up) Use $self instead of $patron 2024-07-18 18:25:55 +02:00
misc Bug 37613: (Follow-up) Change the option and documentation to match terminology guidelines 2024-08-12 14:01:07 +02:00
offline_circ Bug 34478: Changes for offline_circ 2024-03-01 10:58:34 +01:00
opac Bug 37339: Set messaging preferences from default on self registration 2024-07-18 17:53:11 +02:00
patron_lists Bug 34478: Changes for patron_lists/add-modify 2024-03-01 10:57:41 +01:00
patroncards Bug 36877: (follow-up) Fix op eq edit to op eq edit_form in edit-batch.pl 2024-05-17 12:03:52 +02:00
plugins Bug 30897: Add option to disable automated restart 2024-04-11 16:53:42 +02:00
pos Bug 33478: Apply formatting to RECEIPT 2024-04-26 20:15:44 +02:00
preservation Bug 34030: Add a "print slips" action links to print in batch 2023-10-23 11:33:55 -03:00
recalls Bug 33478: Apply formatting to RECALL_REQUESTER_DET 2024-04-26 20:15:45 +02:00
reports Bug 37108: Cash register statistics wizard is wrongly sorting payment by manager_id branchcode 2024-07-12 10:21:29 +02:00
reserve Bug 30579: Disentangle multi-hold and single bib forms 2024-05-07 15:53:57 +02:00
reviews Bug 37074: Comment approval and un-approval should be CSRF-protected 2024-08-01 17:26:34 +02:00
rotating_collections Bug 34478: Manual fix - add op - rotating_collections/addItems 2024-03-01 10:57:33 +01:00
serials Bug 37247: Fix display of "closed" 2024-08-01 17:26:38 +02:00
services Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
skel
suggestion Bug 37337: Pass the save $op when biblio_exists 2024-07-18 17:53:12 +02:00
svc Bug 37464: Validate "type" sent to barcode/svc 2024-08-16 16:22:21 +02:00
t Bug 37575: Typo 'AutoCreateAuthorites' in about.pl 2024-08-16 16:22:18 +02:00
tags Bug 34478: Add 'op' to tags/review 2024-03-01 10:58:25 +01:00
tools Bug 37488: Validate paths in datalink.txt/idlink.txt files 2024-08-16 16:22:21 +02:00
virtualshelves Bug 37285: (QA follow-up) Perl Tidy 2024-07-26 13:56:33 +01:00
xt Bug 37018: Add 400 response definition to all routes 2024-08-01 17:26:44 +02:00
.editorconfig Bug 27375: Set YAML file settings in .editorconfig 2021-11-03 15:40:52 +01:00
.eslintrc.json Bug 36400: Centralize {js,ts,vue} formatting config in .prettierrc.js 2024-04-22 08:57:39 +02:00
.gitignore Bug 36546: (QA follow-up) Add bundle spec to .gitignore 2024-04-30 15:55:37 -03:00
.htaccess
.mailmap Bug 36943: (follow-up) 24.05.00 - Update .mailmap 2024-05-24 15:36:40 +02:00
.perlcriticrc Bug 25898: Prohibit indirect object notation 2020-10-15 12:56:30 +02:00
.perltidyrc Bug 30002: Adjust perltidy 2023-06-08 08:32:42 -03:00
.prettierrc.js Bug 36400: (follow-up) remove option editorconfig from .prettierrc.js 2024-04-22 08:57:40 +02:00
.proverc.dist Bug 19821: Install sample data, ES mappings and Version syspref 2021-10-25 11:27:40 +02:00
.stylelintrc.json Bug 31528: (follow-up) A few additional rules 2022-10-03 08:23:15 -03:00
about.pl Bug 37260: Check message broker for both 'about' and 'sysinfo' tabs 2024-07-22 07:35:31 +01:00
app.psgi Bug 36149: Add userenv middleware to app.psgi 2024-05-14 15:04:37 -03:00
build-resources.PL Bug 32609: Use the current yarn.lock to generate node_modules 2023-02-10 11:07:57 -03:00
changelanguage.pl Bug 25898: Prohibit indirect object notation 2020-10-15 12:56:30 +02:00
cpanfile Bug 25159: Add ability to specify a pre-modified version of action log data and store as diff 2024-05-02 16:47:42 +02:00
cypress.config.ts Bug 36012: Extend cypress's requestTimeout value 2024-03-22 15:07:36 +01:00
fix-perl-path.PL Bug 28606: Remove $DEBUG and $ENV{DEBUG} 2021-06-24 11:53:44 +02:00
gulpfile.js Bug 36730: (Bug 35428 follow-up) po files (sometimes) fail to update 2024-05-07 15:53:44 +02:00
help.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
INSTALL Bug 26617: Update INSTALL file to include koha-testing-docker and Gitlab links 2020-10-15 12:56:30 +02:00
Koha.pm Bug 36758: DBRev 24.06.00.023 2024-08-09 18:44:52 +02:00
kohaversion.pl
LICENSE
mainpage.pl Bug 30493: (QA follow-up) Fix for the only_my_library case as well 2024-06-21 15:02:54 +02:00
Makefile.PL Bug 36546: Deploy swagger_bundle.json via make 2024-04-30 14:32:10 +02:00
MANIFEST.SKIP
package.json Bug 37303: Replace po2json with a JS version 2024-07-26 14:49:53 +01:00
README
README.md Bug 27092: Remove note about "synced repo" from README.md 2020-11-25 16:31:58 +01:00
README.robots
rewrite-config.PL Bug 28519: Put CGI::Session::Serialize::yamlxs in lib directory 2021-06-17 10:07:36 +02:00
tsconfig.json Bug 32030: Move cypress to t - fix build_js/watch_js 2022-11-08 09:44:52 -03:00
webpack.config.js Bug 35919: Add record sources admin page 2024-04-26 17:06:04 +02:00
yarn.lock Bug 37303: Update yarn.lock after adding new dependency to packages.json 2024-08-05 15:32:23 +02:00

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker. To report a bug or submit a patch, visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developer handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/
