Main Koha release repository https://koha-community.org
Jonathan Druart 904716f581 Bug 17902: Fix possible SQL injection in serials editing
/cgi-bin/koha/serials/serials-edit.pl?serstatus=*/+,2,3,'2016-12-12','2016-12-12',6,'jjj7','jjj8'%20--%20-&subscriptionid=1+and+1%3d2+Union+all+select+111+/*

The SQL query is not constructed correctly, placeholders must be used.
Subscription id and status list can be provided by the user.

This vulnerability has been reported by MDSec.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-30 12:08:31 +00:00
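The commit message above states the root cause (user-controlled subscription id and status list concatenated into the SQL, so placeholders must be used) and gives the PoC URL. The following Perl/DBI script is an added illustration, not code from the Koha repository: the `serial` table, its columns and the two-column query are assumed stand-ins chosen to keep the example self-contained, and the payload is the URL-decoded PoC from the commit message cut down to two UNION columns to match that query. It runs against an in-memory SQLite database (DBD::SQLite required) in place of Koha's MySQL.

```perl
#!/usr/bin/perl
# Added illustration, not Koha's code: a serials lookup built by string
# interpolation (the defect class the commit describes) beside the
# placeholder version. Table, columns and the two-column payload are
# assumptions made to keep the example self-contained.
use strict;
use warnings;
use DBI;

# In-memory SQLite stands in for Koha's MySQL; DBD::SQLite must be installed.
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 } );
$dbh->do('CREATE TABLE serial (serialid INTEGER, subscriptionid INTEGER, status INTEGER, serialseq TEXT)');
$dbh->do("INSERT INTO serial VALUES (1, 1, 2, 'Vol. 1'), (2, 1, 3, 'Vol. 2'), (3, 2, 2, 'Other subscription')");

# Vulnerable shape: subscription id and status list are concatenated into the SQL.
sub get_serials_interpolated {
    my ( $dbh, $subscriptionid, @statuses ) = @_;
    return [] unless @statuses;    # "IN ()" is a syntax error, so bail out early
    my $statusstring = join ',', @statuses;
    my $sql = "SELECT serialid, serialseq FROM serial "
            . "WHERE subscriptionid = $subscriptionid AND status IN ($statusstring)";
    return $dbh->selectall_arrayref($sql);
}

# Fixed shape: one placeholder per value, including one per element of the IN list.
sub get_serials_placeholders {
    my ( $dbh, $subscriptionid, @statuses ) = @_;
    return [] unless @statuses;
    my $placeholders = join ',', ('?') x @statuses;
    my $sql = "SELECT serialid, serialseq FROM serial "
            . "WHERE subscriptionid = ? AND status IN ($placeholders)";
    return $dbh->selectall_arrayref( $sql, undef, $subscriptionid, @statuses );
}

sub show {
    my ( $label, $rows ) = @_;
    print "$label: ", join( '; ', map { join( ',', @$_ ) } @$rows ), "\n";
}

# Legitimate request: both versions return the two serials of subscription 1.
show( 'interpolated, normal', get_serials_interpolated( $dbh, 1, 2, 3 ) );
show( 'placeholders, normal', get_serials_placeholders( $dbh, 1, 2, 3 ) );

# The PoC from the commit message, URL-decoded and cut down to two UNION columns
# for this schema: subscriptionid opens a block comment after its UNION SELECT,
# serstatus closes it, supplies the remaining column and comments out the rest.
my $subscriptionid = '1 and 1=2 union all select 111 /*';
my @serstatus      = ("*/, 'injected'  -- -");

# Interpolated: the result set is whatever the attacker selects (111,'injected').
show( 'interpolated, payload', get_serials_interpolated( $dbh, $subscriptionid, @serstatus ) );

# Placeholders: the same strings are bound as plain values; nothing matches, no rows.
show( 'placeholders, payload', get_serials_placeholders( $dbh, $subscriptionid, @serstatus ) );
```

The point worth keeping from the fixed version is the status list: a single `IN (?)` bound to the joined string `"2,3"` would be safe but wrong, since it compares `status` to the one text value `2,3`. The list therefore needs one placeholder per element, generated from the array length, with the elements passed as separate bind values.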
acqui Bug 17771: aqorders.biblionumber was already part of the query 2017-01-19 12:00:16 +00:00
admin Bug 13726: Make Koha::Acq::Bookseller using Koha::Object 2016-12-30 11:54:32 +00:00
api/v1 Bug 17086: Reword borrowers to patrons in Swagger tags for holds 2016-11-22 11:31:08 +00:00
authorities
basket Bug 17830: CSRF - Handle unicode characters in userid 2016-12-30 17:47:18 +00:00
C4 Bug 17902: Fix possible SQL injection in serials editing 2017-01-30 12:08:31 +00:00
catalogue Bug 13726: Make Koha::Acq::Bookseller using Koha::Object 2016-12-30 11:54:32 +00:00
cataloguing Bug 17629: Koha::Biblio - Remove ModBiblioframework 2017-01-13 12:37:08 +00:00
circ Bug 9569: Remove unused occurrence of AutoLocation 2017-01-30 11:25:06 +00:00
course_reserves
debian Bug 16733: [Follow-up] Add $home to api path too 2017-01-20 14:15:27 +00:00
docs Bug 7143: [QA Follow-up] Handling tabs 2017-01-19 13:42:30 +00:00
errors
etc Bug 7533: Add the template_cache_dir entry to koha-conf.xml 2017-01-20 14:13:52 +00:00
install_misc
installer Bug 17813 - DBRev 16.12.00.006 2017-01-20 14:00:47 +00:00
Koha Bug 17501: [Follow-up] QA Requests 2017-01-20 14:20:07 +00:00
koha-tmpl Bug 9569: Update warning message 2017-01-30 11:25:06 +00:00
labels Bug 17900: Fix possible SQL injection in patron cards template editing 2017-01-30 11:19:55 +00:00
members Bug 17905: FIX CSRF in member-flags 2017-01-30 11:24:12 +00:00
misc Bug 17731: Remove noxml option from rebuild_zebra.pl 2017-01-19 13:05:08 +00:00
offline_circ Bug 17501: Remove Koha::Upload::get from Koha::Upload 2017-01-20 14:20:05 +00:00
opac Bug 17901: Force context to scalar 2017-01-30 11:20:49 +00:00
OpenILS
patron_lists
patroncards Bug 17900: Fix possible SQL injection in patron cards template editing 2017-01-30 11:19:55 +00:00
plugins Bug 15879: Allow multiple plugin directories to be defined in koha-conf.xml 2017-01-11 14:03:00 +00:00
reports Bug 17931: Remove unused vars from reserves_stats 2017-01-19 12:47:03 +00:00
reserve Bug 17556: Koha::Patrons - Remove GetHideLostItemsPreference 2016-12-09 18:53:40 +00:00
reviews
rotating_collections Bug 15758: Koha::Libraries - Remove GetBranches 2016-09-08 14:36:03 +00:00
serials Bug 13726: Fix for serials/acqui-search-result.pl 2016-12-30 11:54:32 +00:00
services
skel
sms
suggestion
svc
t Bug 17900: Update the tests to the new API 2017-01-30 11:19:56 +00:00
tags
test
tmp/modified_authorities
tools Bug 17588: get_account_lines->get_balance has been replace with account->balance 2017-01-20 14:25:35 +00:00
virtualshelves Bug 17901: Fix possible SQL injection in shelf editing 2017-01-30 11:20:48 +00:00
xt Bug 17469: Add missing sample notices fr-CA test 2017-01-19 13:39:10 +00:00
.editorconfig
.htaccess
.mailmap
about.pl Bug 7533: Add a warning to the about page if template_cache_dir is not set 2017-01-20 14:13:53 +00:00
changelanguage.pl
edithelp.pl
fix-perl-path.PL
help.pl
INSTALL
install-CPAN.pl
Koha.pm Bug 17813 - DBRev 16.12.00.006 2017-01-20 14:00:47 +00:00
koha_perl_deps.pl
kohaversion.pl
LICENSE
mainpage.pl Bug 14610 - Add and update scripts 2016-10-26 12:15:14 +00:00
Makefile.PL Bug 16083: [QA FOLLOWUP] Add more cli arguments. 2017-01-13 11:48:29 +00:00
MANIFEST.SKIP
README
README.md
README.robots Bug 6411 add another example to README.robots 2011-07-05 14:48:05 +12:00
rewrite-config.PL Bug 16222: (QA followup) Add /api dir for the API 2016-04-20 21:18:36 +00:00

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: This is a synced mirror of the official Koha repo.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker; to report a bug or submit a patch, visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmittingAPatch

The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/
