Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Main Koha release repository https://koha-community.org
43690 commits 35 branches 612 tags 1.8 GiB
Perl 45.3%
JavaScript 39.4%
HTML 7.2%
XSLT 3.9%
Vue 1.4%
Other 2.3%
Find a file
Kyle M Hall e9bc90ebb0 Bug 29264: SIP config allows use of non-branchcode institution ids causes workers to die without responding 
If is entirely possible to create an SIP institution whose ID does not match a valid branchcode in Koha's SIP config. In fact, Koha's example SIP config contains an example of this ( kohalibrary / kohalibrary2 ).

If a SIP login uses an institution with an id that doesn't match a valid branchcode, everything will appear to work, but the SIP worker will die anywhere that Koha gets the branch from the userenv and assumes it is valid.

The repercussions of this are that actions such as the checkout message simply die and do not return a response message to the requestor.

At the very least, we should output a warning to the SIP log.

I think we should strongly consider disallowing institution ids in the SIP config that do not match valid branchcodes. In this scenario, attempting to start the SIP server should result in a error message with the SIP server exiting immediately.

Test Plan:
1) Apply this patch
2) Make a sip login that uses an instution whose id is *not* a valid branchcode
3) Start the SIP server
4) Check sip.log, you should see a warning similar to the following:
[2021/10/18 12:18:29] [2068079] [ERROR] ERROR: Institution kohalibrary does does not match a branchcode. This can cause unexpected behavior. C4::SIP::Sip::siplog /kohadevbox/koha/C4/SIP/Sip.pm (220)

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-11-15 12:38:39 +01:00
acqui Bug 29283: (QA follow-up) Remove code duplication 2021-11-02 14:57:09 +01:00
admin Bug 29429: (bug 17600 follow-up) Fix import in aqbudgetperiods.pl 2021-11-08 12:11:44 +01:00
api Bug 29183: (follow-up) Add x-koha-query option 2021-11-15 12:38:39 +01:00
authorities Bug 28785: Adjust check_cookie_auth calls 2021-10-18 11:28:41 +02:00
basket Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
bin
C4 Bug 29264: SIP config allows use of non-branchcode institution ids causes workers to die without responding 2021-11-15 12:38:39 +01:00
catalogue Bug 28959: (QA follow-up) One more lost 'category' to 'public' change 2021-11-02 14:27:12 +01:00
cataloguing Bug 29369: Use Flatpickr in dateaccessioned cataloging plugin 2021-11-03 15:40:53 +01:00
circ Bug 29015: Add options for itemtype, collection, and shelving location to view_holdsqueue.pl 2021-11-03 15:40:52 +01:00
clubs Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
course_reserves Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
debian Bug 18984: Remove NORMARC support 2021-10-07 15:36:40 +02:00
docs Bug 28904: Fix typo and display 2021-11-02 16:50:01 +01:00
errors Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
etc Bug 28236: Allow access to json files from apache config 2021-11-03 15:40:52 +01:00
ill Bug 22614: Migrate original request 2021-09-21 20:22:57 +02:00
installer Bug 28374: DBRev 21.06.00.047 2021-11-15 12:38:39 +01:00
Koha Bug 29330: Add Koha::Email->new_from_string 2021-11-15 12:38:39 +01:00
koha-tmpl Bug 28374: Convert printreceipt to use GetPreparedLetter 2021-11-15 12:38:39 +01:00
labels Bug 17600: Fix POSIX imports 2021-07-29 14:37:26 +02:00
lib/CGI/Session/Serialize Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
members Bug 28211: Replace use of call_recursive() with call() 2021-10-18 11:28:41 +02:00
misc Bug 28994: Fix logical errors with amount vs amoutoutstanding 2021-11-15 12:38:39 +01:00
offline_circ Bug 28785: Adjust check_cookie_auth calls 2021-10-18 11:28:41 +02:00
opac Bug 29435: include missing subroutine from C4::AuthoritiesMarc 2021-11-15 12:38:39 +01:00
patron_lists Bug 16446: Add ability to add patrons to list by borrowernumber 2021-10-21 12:24:04 +02:00
patroncards Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
plugins Bug 28785: Adjust check_cookie_auth calls 2021-10-18 11:28:41 +02:00
pos Bug 28374: Convert printreceipt to use GetPreparedLetter 2021-11-15 12:38:39 +01:00
reports Bug 29204: (QA follow-up) Fix variable name 2021-11-15 12:38:39 +01:00
reserve Bug 29116: Use a pre-existing accessor instead of reimplementing it 2021-10-12 11:15:32 +02:00
reviews Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
rotating_collections Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
serials Bug 28785: Adjust check_cookie_auth calls 2021-10-18 11:28:41 +02:00
services Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
skel
suggestion Bug 24370: Allow resetting library to ANY 2021-11-02 14:57:04 +01:00
svc Bug 28959: Add virtualshelves.public as a boolean 2021-10-28 17:47:38 +02:00
t Bug 29330: Add Koha::Email->new_from_string 2021-11-15 12:38:39 +01:00
tags Bug 28785: Adjust check_cookie_auth calls 2021-10-18 11:28:41 +02:00
tmp/modified_authorities
tools Bug 29380: Correct table name in joins to prevent errors 2021-11-03 15:40:52 +01:00
virtualshelves Bug 28959: Fix other cases 2021-10-28 17:47:38 +02:00
xt Bug 27622: Fix sample_notices.t 2021-10-07 15:49:01 +02:00
.editorconfig Bug 27375: Set YAML file settings in .editorconfig 2021-11-03 15:40:52 +01:00
.eslintrc.json
.gitignore
.htaccess Fix file permissions: if it is not a script, it should not be executable. 2010-04-16 00:40:34 -04:00
.mailmap Bug 28386: Disambiguate Tomas and Blou 2021-05-26 12:30:59 +02:00
.perlcriticrc
.proverc.dist Bug 19821: Install sample data, ES mappings and Version syspref 2021-10-25 11:27:40 +02:00
.scss-lint.yml Bug 21237: Clean up staff client SCSS 2018-08-24 16:23:25 +00:00
about.pl Bug 28870: Move email address validation to a specific class method 2021-09-28 10:22:36 +02:00
app.psgi Bug 20582: Fix PSGI file when behind a reverse proxy 2020-10-06 12:00:04 +02:00
changelanguage.pl
cpanfile Bug 28926: Update cpanfile for Mojolicious::Plugin::OpenAPI v2.16 2021-11-02 16:06:51 +01:00
fix-perl-path.PL Bug 28606: Remove $DEBUG and $ENV{DEBUG} 2021-06-24 11:53:44 +02:00
gulpfile.js Bug 18984: Remove NORMARC support 2021-10-07 15:36:40 +02:00
help.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
INSTALL Bug 26617: Update INSTALL file to include koha-testing-docker and Gitlab links 2020-10-15 12:56:30 +02:00
Koha.pm Bug 28374: DBRev 21.06.00.047 2021-11-15 12:38:39 +01:00
koha_perl_deps.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
kohaversion.pl Bug 26384: Fix executable flags 2020-09-11 09:56:56 +02:00
LICENSE
mainpage.pl Bug 29020: Add link on the mainpage for users without admin access 2021-10-19 09:29:09 +02:00
Makefile.PL Bug 18984: Remove NORMARC support 2021-10-07 15:36:40 +02:00
MANIFEST.SKIP
package.json Bug 27939: Update yarn.lock file 2021-03-16 12:04:06 +01:00
README
README.md
README.robots Bug 6411 add another example to README.robots 2011-07-05 14:48:05 +12:00
rewrite-config.PL Bug 28519: Put CGI::Session::Serialize::yamlxs in lib directory 2021-06-17 10:07:36 +02:00
yarn.lock Bug 27939: Update yarn.lock file 2021-03-16 12:04:06 +01:00

README.md

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker, to report a bug or submit a patch visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/

Koha Logo