Main Koha release repository https://koha-community.org
Marcel de Rooy fc980aed31 Bug 32457: Fix CGI vulnerability in addorder.pl
Test plan:
Go to acqui/addorder.pl.
Create two items.
Check if results still match your expectations.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit b389f9a361)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 427d0b32e9)

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2023-01-19 23:11:55 +00:00
acqui Bug 32457: Fix CGI vulnerability in addorder.pl 2023-01-19 23:11:55 +00:00
admin Bug 31976: Incorrect default category selected by authorized values page 2022-12-05 23:37:08 +00:00
api Bug 30982: [22.05.x] Use the REST API for background job list view 2022-11-01 21:40:18 +00:00
authorities Bug 29333: Fix encoding of imported UNIMARC authorities 2022-08-23 15:30:11 +00:00
basket Bug 29871: Remove marcflavour param in Koha::Biblio->get_marc_notes 2022-07-12 15:54:27 +00:00
bin Bug 20582: Turn Koha into a Mojolicious application 2020-10-06 12:00:04 +02:00
C4 Bug 32208: Adjust Auth.pm for relogin without perms 2022-12-22 16:20:27 +00:00
catalogue Bug 30779: Remove _update_import_record_marc and update tests 2022-10-03 22:48:43 +00:00
cataloguing Bug 31873: Check ->find before calling ->safe_delete 2023-01-17 15:39:09 +00:00
circ Bug 28167: Remove uninitialized variable warnings from circ/set-library.pl 2022-10-31 22:41:21 +00:00
clubs Bug 29859: Use iterator instead of as_list 2022-02-09 15:36:23 -10:00
course_reserves Bug 30409: barcodedecode() should always trim barcode 2022-07-13 19:44:18 +00:00
debian Bug 31675: Remove packages from debian/control that are no longer used 2023-01-18 21:26:45 +00:00
docs Bug 30808: Add the 22.05 release team. 2022-05-25 23:56:12 -10:00
errors Bug 29420: HTTP status code incorrect when calling error pages directly under Plack/PSGI 2022-04-20 09:03:39 -10:00
etc Bug 15048: Index all possible searched subfields for index-term-genre 2022-12-05 22:42:23 +00:00
ill Bug 29844: Fix ->search occurrences 2022-02-09 15:36:23 -10:00
installer Increment version for the 22.05.08 release 2022-12-22 17:18:30 +00:00
Koha Bug 32242: Resolve encoding issue when sending to Net::Stomp 2022-12-21 15:40:07 +00:00
koha-tmpl Bug 32115: Add ID to check-out default help message dialog to allow customization 2023-01-19 23:06:46 +00:00
labels Bug 31482: Label creator does not call barcodedecode 2022-11-10 23:43:49 +00:00
lib/CGI/Session/Serialize Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
members Bug 31739: Password recovery from staff fails if previous expired reset-entry exists. 2022-12-05 22:38:12 +00:00
misc Update release notes for 22.05.08 release 2022-12-22 18:17:09 +00:00
offline_circ Bug 30525: Items batch modification broken 2022-04-21 13:41:36 -10:00
opac Bug 31739: Password recovery from staff fails if previous expired reset-entry exists. 2022-12-05 22:38:12 +00:00
patron_lists Bug 16446: Add ability to add patrons to list by borrowernumber 2021-10-21 12:24:04 +02:00
patroncards Bug 24001: Fix patron card template edition 2022-04-28 10:49:20 -10:00
plugins Bug 29787: Add plugin version to plugin search results 2022-04-08 15:49:15 +02:00
pos Bug 28481: (RM follow-up) formatting 2021-12-16 12:13:51 -10:00
recalls Bug 30924: Add missing branchtransfers.reason value for recall cancellation 2022-07-13 19:13:33 +00:00
reports Bug 28967: Patrons with no checkouts report shows patrons from other libraries with IndependentBranches 2022-12-05 20:23:34 +00:00
reserve Bug 31575: Missing warning for holds where AllowHoldPolicyOverride can be used to force a hold to be placed 2022-12-05 18:06:06 +00:00
reviews Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
rotating_collections Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
serials Bug 29608: Made so doesn't require full permission 2022-10-31 19:55:45 +00:00
services Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
skel Bug 11078: Add locking to rebuild_zebra 2014-02-28 22:21:41 +00:00
suggestion Bug 30127: By default show pending suggestions tab 2022-05-10 23:09:09 -10:00
svc Bug 31682: Silence automatic linker warn 2022-12-05 18:15:20 +00:00
t Bug 32622: Fix Auth.t on D10 2023-01-17 21:06:50 +00:00
tags Bug 29469: (bug 17600 follow-up) Fix tag approval/rejection from staff 2021-11-16 15:49:22 +01:00
tmp/modified_authorities changing DO_NOT_REMOVE to README.txt 2007-10-21 19:14:41 -05:00
tools Bug 32037: Check for existence of object before building link 2023-01-18 21:14:52 +00:00
virtualshelves Bug 29114: Trim whitespace before the barcode 2022-08-23 19:29:20 +00:00
xt Bug 27619: (QA follow-up) Remove xt/sample_notices.t 2022-05-11 11:28:48 +01:00
.editorconfig Bug 27375: Set YAML file settings in .editorconfig 2021-11-03 15:40:52 +01:00
.eslintrc.json Bug 23834: Add default ESLint configuration 2019-11-03 08:02:39 +00:00
.gitignore Bug 20427: Convert OPAC LESS to SCSS 2018-08-09 15:17:07 +00:00
.htaccess Fix file permissions: if it is not a script, it should not be executable. 2010-04-16 00:40:34 -04:00
.mailmap 22.05.00: Update mailmap 2022-05-25 23:56:12 -10:00
.perlcriticrc Bug 25898: Prohibit indirect object notation 2020-10-15 12:56:30 +02:00
.proverc.dist Bug 19821: Install sample data, ES mappings and Version syspref 2021-10-25 11:27:40 +02:00
.scss-lint.yml Bug 21237: Clean up staff client SCSS 2018-08-24 16:23:25 +00:00
about.pl Bug 27667: Display a warning for records missing in Elasticsearch 2022-08-23 19:26:34 +00:00
app.psgi Bug 20582: Fix PSGI file when behind a reverse proxy 2020-10-06 12:00:04 +02:00
changelanguage.pl Bug 25898: Prohibit indirect object notation 2020-10-15 12:56:30 +02:00
cpanfile Bug 31588 - Update cpanfile for new OpenAPI versions (22.05) 2022-12-05 21:23:00 +00:00
fix-perl-path.PL Bug 28606: Remove $DEBUG and $ENV{DEBUG} 2021-06-24 11:53:44 +02:00
gulpfile.js Bug 30373: Enable translation of UNIMARC frameworks 2022-04-21 13:41:35 -10:00
help.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
INSTALL Bug 26617: Update INSTALL file to include koha-testing-docker and Gitlab links 2020-10-15 12:56:30 +02:00
Koha.pm Increment version for the 22.05.08 release 2022-12-22 17:18:30 +00:00
koha_perl_deps.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
kohaversion.pl Bug 26384: Fix executable flags 2020-09-11 09:56:56 +02:00
LICENSE Bug 9440 - update Koha's LICENSE file from GPL2 to GPL3 2013-02-12 08:52:10 -05:00
mainpage.pl Bug 29020: Add link on the mainpage for users without admin access 2021-10-19 09:29:09 +02:00
Makefile.PL Bug 19532: Database and installer stuff 2022-03-14 22:45:50 -10:00
MANIFEST.SKIP Bug 9546 : Updating make manifest tardist 2013-02-06 23:54:46 -05:00
package.json Bug 27939: Update yarn.lock file 2021-03-16 12:04:06 +01:00
README Bug 9440 - update Koha's LICENSE file from GPL2 to GPL3 2013-02-12 08:52:10 -05:00
README.md Bug 27092: Remove note about "synced repo" from README.md 2020-11-25 16:31:58 +01:00
README.robots Bug 6411 add another example to README.robots 2011-07-05 14:48:05 +12:00
rewrite-config.PL Bug 28519: Put CGI::Session::Serialize::yamlxs in lib directory 2021-06-17 10:07:36 +02:00
yarn.lock Bug 27939: Update yarn.lock file 2021-03-16 12:04:06 +01:00

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker. To report a bug or submit a patch, visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/
