Main Koha release repository https://koha-community.org
David Cook ff7b6a09de Bug 34349: Validate/escape inputs for task scheduler
This change validates and escapes inputs for task scheduler.

Test plan:
0. Apply patch
1. koha-plack --reload kohadev
2. Go to http://localhost:8081/cgi-bin/koha/tools/scheduler.pl
3. Input a time a minute in the future and leave the date blank
4. Choose an existing report and output format
5. Type a malicious string which is also a valid email address
into the Email field
6. Click "Save"
7. Note that the job is added but the Email is wrapped in single
quotes
8. Try using a non-malicious email address with a single quote.
9. Note that the single quote is escaped, so that it will still
be used by runreport.pl

JD amended patch: tidy

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Removed pars for $email =~ regex, removed old commented lines.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit dcd698a4b4)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2023-09-26 21:25:13 -10:00
acqui Bug 34445: Set default budget in addorderiso2709.pl 2023-08-30 10:14:50 -10:00
admin Bug 34748: Fix column name in columns configuration for basket table 2023-09-25 09:15:39 -10:00
api Bug 34054: Allow to embed biblio on GET /items 2023-09-22 09:42:52 -10:00
authorities Bug 33406: (QA follow-up) Adjust tests and tidy 2023-09-17 22:49:50 -10:00
basket Bug 34731: Don't call SendQueuedMessages if message_id is bad 2023-09-14 07:54:48 -10:00
bin
C4 Bug 34513: Set auth state correctly when changing auth sessions 2023-09-26 21:25:13 -10:00
catalogue Bug 33047: Return 404 instead of 500 when biblio does not exist 2023-07-18 10:28:24 +01:00
cataloguing Bug 34288: Allow access to the cataloguing module with tools permission 2023-07-19 08:32:47 +01:00
circ Bug 34094: Use DefaultPatronSearchMethod consistently 2023-07-17 16:04:31 +01:00
clubs
course_reserves
debian Bug 34653: Make koha-foreach return the correct status code 2023-09-25 09:28:42 -10:00
docs Bug 33899: Add the 23.11 release team 2023-07-12 07:59:29 +01:00
erm Bug 32922: Remove space in shebang 2023-02-20 09:44:06 -03:00
errors
etc Bug 34101: Limit items types that can be checked out via SIP2 2023-07-17 16:35:05 +01:00
ill
installer Bug 34748: DBRev 23.05.03.005 2023-09-25 09:16:51 -10:00
Koha Bug 34622: Fix store default query 2023-09-20 20:06:10 -10:00
koha-tmpl Bug 34302: (bug 28653 follow-up) Do not refresh the table if an error happened 2023-09-22 10:34:44 -10:00
labels
lib/CGI/Session/Serialize
members Bug 34731: Don't call SendQueuedMessages if message_id is bad 2023-09-14 07:54:48 -10:00
misc Bug 34728: (QA follow-up) Remove o modifier, bit more compact 2023-09-18 11:44:51 -10:00
offline_circ Bug 33961: Remove built-in offline circ tool 2023-07-17 08:18:59 +01:00
opac Bug 34760: Confirm session ID is set to save OPAC search history to logged in user 2023-09-20 20:21:12 -10:00
patron_lists
patroncards
plugins Bug 30367: (follow-up) Same adjustment for gitlab 2023-05-05 10:18:57 -03:00
pos Bug 34731: Don't call SendQueuedMessages if message_id is bad 2023-09-14 07:54:48 -10:00
recalls Bug 34013: Recalls awaiting pickup doesn't show count on each tab 2023-07-17 14:51:00 +01:00
reports Bug 34552: Don't exclude payments with no status 2023-09-18 10:54:30 -10:00
reserve Bug 34634: Show expirationdate of expired holds on reserve/request.pl 2023-09-07 20:13:21 -10:00
reviews
rotating_collections
serials Bug 34146: Counterpart for serials-edit 2023-07-17 15:57:40 +01:00
services
skel
suggestion Bug 34601: Fix edit/delete links on suggestion.tt 2023-08-30 09:51:33 -10:00
svc Bug 34732: (QA follow-up): tidy up code 2023-09-20 20:12:28 -10:00
t Bug 34513: (QA follow-up) Tidy 2023-09-26 21:25:13 -10:00
tags
tools Bug 34349: Validate/escape inputs for task scheduler 2023-09-26 21:25:13 -10:00
virtualshelves Bug 34731: Don't call SendQueuedMessages if message_id is bad 2023-09-14 07:54:48 -10:00
xt Bug 30002: Remove unused xt/perltidyrc 2023-07-12 07:55:00 +01:00
.editorconfig
.eslintrc.json
.gitignore Bug 33710: Ignore how-to related files 2023-05-12 17:50:01 -03:00
.htaccess
.mailmap Update .mailmap 2023-07-17 08:12:22 +01:00
.perlcriticrc
.perltidyrc Bug 30002: Adjust perltidy 2023-07-12 07:55:00 +01:00
.proverc.dist
.stylelintrc.json
about.pl Bug 33934: Add more detail to 'No encryption_key in koha-conf.xml' 2023-06-09 12:05:00 -03:00
app.psgi
build-resources.PL Bug 32609: Use the current yarn.lock to generate node_modules 2023-02-10 11:07:57 -03:00
changelanguage.pl
cpanfile Bug 33964: (QA follow-up) Remove library from cpanfile 2023-08-07 20:05:46 -10:00
cypress.json Bug 33408: Extend defaultCommandTimeout for cypress 2023-04-13 11:48:00 -03:00
fix-perl-path.PL
gulpfile.js Bug 32978: Replace node-sass with dart-sass 2023-02-22 10:03:39 -03:00
help.pl
INSTALL
Koha.pm Bug 34748: DBRev 23.05.03.005 2023-09-25 09:16:51 -10:00
koha_perl_deps.pl
kohaversion.pl
LICENSE
mainpage.pl Bug 33133: Add fast cataloging to 'Cataloging' page 2023-03-27 12:50:07 +02:00
Makefile.PL Bug 26700: Remove occurrences in Makefile.PL 2023-07-17 11:01:46 +01:00
MANIFEST.SKIP
package.json Bug 33066: Introduce a KohaTable Vue component 2023-04-10 07:38:28 -03:00
README
README.md
README.robots
rewrite-config.PL
tsconfig.json
webpack.config.js Bug 32806: Move main-erm.ts to modules/erm.ts 2023-02-27 11:12:01 -03:00
yarn.lock Bug 33066: Introduce a KohaTable Vue component 2023-04-10 07:38:28 -03:00

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker; to report a bug or submit a patch, visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developers' handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/
