main Koha release repository branch 18.05.x updated. v18.05.11-28-g147d67c

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

main Koha release repository branch 18.05.x updated. v18.05.11-28-g147d67c

Git repo owner
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 18.05.x has been updated
       via  147d67cebfa6a67b0a783fda03be588d08910a7c (commit)
       via  96a700c3dd0d4008c6c0250ac24c8c0c2e8b9dee (commit)
      from  4250579e3f6a7c7e941376b31d48a854f0ad7c43 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 147d67cebfa6a67b0a783fda03be588d08910a7c
Author: Tomas Cohen Arazi <[hidden email]>
Date:   Fri Apr 5 15:13:36 2019 -0300

    Bug 22068: (QA follow-up) Return meaningful error codes
   
    Signed-off-by: Tomas Cohen Arazi <[hidden email]>
   
    Signed-off-by: Nick Clemens <[hidden email]>
    (cherry picked from commit e98dacf9f1f8464f0db394da6bc1152f96713597)
    Signed-off-by: Martin Renvoize <[hidden email]>
    (cherry picked from commit 912a97f8b49b89d03ed524bed2072db0a50c4527)
   
    Signed-off-by: Lucas Gass <[hidden email]>

commit 96a700c3dd0d4008c6c0250ac24c8c0c2e8b9dee
Author: Jonathan Druart <[hidden email]>
Date:   Thu Feb 14 17:03:17 2019 -0300

    Bug 22068: Prevent patrons to cancel article request they did not create
   
    opac-article-request-cancel.pl doesn't check that the article request to
    be cancelled actually belongs to the logged-in borrower. This results in
    any logged-in user being able to cancel any article request just by
    changing the id in the URL.
   
    Test plan:
    - Login with Patron P1, create an article request
    - Cancel it
    - Create another one
    - Copy the cancellation link (must be /cgi-bin/koha/opac-article-request-cancel.pl?id=X)
    - Login with Patron P2
    - Hit the cancellation link
    => Without this patch the article request is cancelled
    => With this patch applied there is a 404 redirection
   
    Note that the 404 will also appears when the article request id does not
    exist.
   
    Signed-off-by: Ere Maijala <[hidden email]>
    Signed-off-by: Tomas Cohen Arazi <[hidden email]>
   
    Signed-off-by: Nick Clemens <[hidden email]>
    (cherry picked from commit 0b931d5de3c4fe9fa2b4823d9b8727b28a46aa7c)
    Signed-off-by: Martin Renvoize <[hidden email]>
    (cherry picked from commit dc32211a8ea12e67453e5af9edaac0a73b52e2de)
   
    Signed-off-by: Lucas Gass <[hidden email]>

-----------------------------------------------------------------------

Summary of changes:
 opac/opac-article-request-cancel.pl |   13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)


hooks/post-receive
--
main Koha release repository
_______________________________________________
koha-commits mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-commits