Main Koha release repository https://koha-community.org
Galen Charlton 94e349ff6c Bug 11666: remove SQL as an option for MARC framework exports and imports
The SQL option for MARC framework imports was subject to a bug whereby
somebody could use it to gain access to arbitrary information in the
database by uploading an SQL file containing unexpected statements.

As it is difficult to securely sanitize SQL, this patch removes the
option to use SQL as an import or export format.

To test:

[1] Verify that SQL no longer appears as an import or export option
    for the MARC frameworks.
[2] Verify that exports and imports in CSV, Excel XML, and ODS formats
    still work.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Works as advertised. The UI doesn't offer exporting/importing in the SQL format.
Crafting the URL to export SQL falls back to a spreadsheet format (ODS).

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described, passes all tests and QA script.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-02-05 19:48:27 +00:00
acqui Bug 9823: Refactor return from GetReservesFromBiblionumber 2014-01-30 16:19:55 +00:00
admin Bug 11666: remove SQL as an option for MARC framework exports and imports 2014-02-05 19:48:27 +00:00
authorities Bug 11313: supply empty value in mandatory comboboxs in MARC record editors 2014-01-23 03:47:38 +00:00
basket Bug 10605: fix encoding issue on basket email (INTRANET) 2013-12-10 04:37:12 +00:00
C4 Bug 11666: remove SQL as an option for MARC framework exports and imports 2014-02-05 19:48:27 +00:00
catalogue Bug 9823: QA follow-up for GetReservesFromBiblionumber calls 2014-01-30 16:23:34 +00:00
cataloguing Bug 11313: supply empty value in mandatory comboboxs in MARC record editors 2014-01-23 03:47:38 +00:00
circ Bug 11486: Show renewal count on 'check out' and 'details' tabs in patron record 2014-01-23 17:39:55 +00:00
course_reserves
debian Bug 11655: koha-translate --list no longer shows 'en' 2014-02-04 17:36:39 +00:00
docs Bug 7143: Updating about page and history 2014-01-16 15:28:13 +00:00
errors
etc Bug 11619: remove duplicate key in QueryParser config 2014-02-04 18:42:12 +00:00
install_misc
installer Bug 10811: (follow-up) use "local-number" rather than "Local-Number" 2014-01-31 19:21:48 +00:00
Koha Bug 11268: (follow-up) update DBIC schema classes 2014-01-31 15:58:58 +00:00
koha-tmpl Bug 11666: remove SQL as an option for MARC framework exports and imports 2014-02-05 19:48:27 +00:00
labels Bug 11222: fix crash that can occur in search for items to add to label batch 2013-11-23 19:54:38 +00:00
members Bug 11662: remove disused member-picupload.pl 2014-02-05 01:36:30 +00:00
misc Bug 11571: fix breakage of -f option for translate script 2014-01-26 15:50:41 +00:00
offline_circ
opac Bug 11491: (QA follow-up) updated license and use Modern::Perl 2014-01-31 20:29:21 +00:00
OpenILS
patron_lists
patroncards
plugins
reports
reserve Bug 9823: Refactor return from GetReservesFromBiblionumber 2014-01-30 16:19:55 +00:00
reviews
rotating_collections
selenium Adding selenium tests for filterMembers 2009-09-30 11:30:37 +02:00
serials Bug 9823: Refactor return from GetReservesFromBiblionumber 2014-01-30 16:19:55 +00:00
services
skel
sms
suggestion Bug 10277 - Add C4::Context->IsSuperLibrarian() 2013-12-30 15:47:23 +00:00
svc Bug 11491: (QA follow-up) updated license and use Modern::Perl 2014-01-31 20:29:21 +00:00
t Bug 11619: (follow-up) fix QueryParser.t 2014-02-04 18:44:07 +00:00
tags
test
tmp/modified_authorities
tools Bug 11660: remove disused tools/pdfViewer.pl 2014-02-05 01:36:00 +00:00
virtualshelves
xt Bug 11304: fix display of detail page holdings tab in translated Bootstrap theme 2013-11-27 16:52:02 +00:00
.htaccess
.mailmap
about.pl
changelanguage.pl
edithelp.pl Bug 11661: sanitize file names supplied to edithelp.pl 2014-02-05 01:36:10 +00:00
fix-perl-path.PL
help.pl Bug 11238: contruct links to the appropriate manual version dynamically 2013-11-23 19:30:16 +00:00
INSTALL
install-CPAN.pl
INSTALL.debian
INSTALL.fedora7
INSTALL.opensuse
INSTALL.ubuntu
koha_perl_deps.pl
kohaversion.pl Bug 11268: DBRev 3.15.00.016 2014-01-31 15:55:24 +00:00
LICENSE
mainpage.pl
Makefile.PL
MANIFEST.SKIP
README
README.robots
rewrite-config.PL

Koha is a free software integrated library system.

Koha is distributed under the GNU GPL version 3 or later.
Please read the file LICENSE for more details.

To install or upgrade Koha, please see the INSTALL file appropriate
to your platform.

Report bugs at http://bugs.koha-community.org/

Visit the Koha Project website at http://www.koha-community.org/