Koha/koha-tmpl/intranet-tmpl/prog/en/modules
Galen Charlton 94e349ff6c Bug 11666: remove SQL as an option for MARC framework exports and imports
The SQL option for MARC framework imports was subject to a bug whereby
somebody could use it to gain access to arbitrary information in the
database by uploading an SQL file containing unexpected statements.

As it is difficult to securely sanitize SQL, this patch removes the
option to use SQL as an import or export format.

To test:

[1] Verify that SQL no longer appears as an import or export option
    for the MARC frameworks.
[2] Verify that exports and imports in CSV, Excel XML, and ODS formats
    still work.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Works as advertised. The UI doesn't offer exporting/importing in the SQL format.
Crafting the URL to export SQL falls back to a spreadsheet format (ODS).

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described, passes all tests and QA script.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-02-05 19:48:27 +00:00
..
acqui Bug 11579: Show ordernumber in basket.pl tables 2014-01-29 22:35:17 +00:00
admin Bug 11666: remove SQL as an option for MARC framework exports and imports 2014-02-05 19:48:27 +00:00
authorities Bug 10691: use authority ID in see-also links in authority search results (staff) 2014-01-16 22:35:58 +00:00
basket Bug 9218: fix intranet cart email for non english templates 2013-10-31 23:53:25 +00:00
batch Bug 9210: wrap long lines in printed hold notices 2014-01-15 15:51:44 +00:00
catalogue Bug 10851: (follow-up) FIX bad c/p (variable name) 2014-02-04 17:48:55 +00:00
cataloguing Bug 11503: [Follow-up] fix another typo 2014-01-14 20:08:58 +00:00
circ Bug 11616: remove jQuery tablesorter plugin 2014-01-31 15:24:01 +00:00
course_reserves Bug 11534: fix bug that made it impossible to remove instructors from a course 2014-01-31 15:45:56 +00:00
errors
help Bug 11503: fix several typos 2014-01-13 20:47:03 +00:00
installer Bug 2774 - Path to theme is hard-coded in many places 2013-06-07 09:04:15 -07:00
labels Bug 11363: make units in label printer profile form translatable 2014-01-17 15:09:55 +00:00
members Bug 11488: make string "Are you sure you want to write off ..." translatable 2014-01-31 15:51:12 +00:00
offline_circ Bug 10288 - Fix a tiny typo on "Pending offline circulation actions" 2013-05-20 12:23:32 -07:00
patron_lists Bug 11636 - make it possible to remove patrons from patron list during add process 2014-02-04 18:37:18 +00:00
patroncards Bug 9924 - Simplify and rename patron card creator error message include 2013-09-08 19:19:23 +00:00
plugins Bug 7804 - Add Koha Plugin System - QA Followup 2 2013-03-20 14:50:19 -04:00
reports Bug 10718: fix items with no checkouts report 2013-09-08 20:04:43 +00:00
reserve Bug 9788: QA followup 2014-01-17 05:10:42 +00:00
reviews
rotating_collections
serials Bug 10851: add additional "missing" statuses for serials issues 2014-02-04 17:43:49 +00:00
services Bug 10475 - Item form in acquisition not hiding subfields properly 2013-07-12 20:40:15 +00:00
sms
suggestion Bug 10626: Remove doubled up TT plugins - Merge KohaAuthorisedValues and AuthorisedValues 2013-12-20 04:14:45 +00:00
tags Bug 2693: add ability to filter by reviewer name on tag review page 2013-12-02 15:58:04 +00:00
test Bug 2774 - Path to theme is hard-coded in many places 2013-05-20 11:11:04 -07:00
tools Bug 11477: (follow-up) improve display of user/patrons in logs tool 2014-01-17 06:06:53 +00:00
virtualshelves Bug 9757: Remove duplicated action buttons. 2013-06-26 09:04:37 -07:00
z3950
about.tt Bug 7143: add another name to the about page 2014-01-16 15:30:43 +00:00
auth.tt Bug 11146: Show a go back link on no permission page 2013-11-23 19:43:37 +00:00
intranet-main.tt Bug 10888: Don't hide authorities module from users who lack permission to edit authorities 2013-09-21 17:59:05 +00:00