[Koha-bugs] [Bug 6628] [security] help system use insecure REFERRER for file inclusion

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6628 Katrin Fischer changed: What|Removed |Added CC||katrin.fisc...@bsz-bw.de

[Koha-bugs] [Bug 6628] [security] help system use insecure REFERRER for file inclusion

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6628 Katrin Fischer changed: What|Removed |Added Attachment #6417|0 |1 is obsolete|

[Koha-bugs] [Bug 7249] Report webservices

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7249 Katrin Fischer changed: What|Removed |Added Patch Status|Needs Signoff |Failed QA --- Comment #8 fro

[Koha-bugs] [Bug 7043] masthead_search id used twice in template

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7043 Katrin Fischer changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|

[Koha-bugs] [Bug 6807] Add ISBN filter to advanced order search

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6807 Katrin Fischer changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|

[Koha-bugs] [Bug 7026] Web installer does not switch language

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7026 Katrin Fischer changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|

[Koha-bugs] [Bug 6824] Basket permissions not looked up correctly

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6824 Bug 6824 depends on bug 6390, which changed state. Bug 6390 Summary: Basket only visible for librarian who created it http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6390 What|Old Value |New V

[Koha-bugs] [Bug 6676] Acquisition basket access control trivially by-passable

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6676 Bug 6676 depends on bug 6390, which changed state. Bug 6390 Summary: Basket only visible for librarian who created it http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6390 What|Old Value |New V

[Koha-bugs] [Bug 6390] Basket only visible for librarian who created it

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6390 Katrin Fischer changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|

[Koha-bugs] [Bug 7085] Problems with searching for orders in acquisitions

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7085 --- Comment #7 from Katrin Fischer 2011-11-27 21:12:34 UTC --- Created attachment 6439 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=6439 3.4.x version of patch -- Configure bugmail: http://bugs.koha-community.or

[Koha-bugs] [Bug 7079] Default values for German system preferences (web installer)

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7079 Katrin Fischer changed: What|Removed |Added Version|rel_3_8 |rel_3_6 --- Comment #5 from

[Koha-bugs] [Bug 3184] Show creator and budget receiving a document

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3184 Katrin Fischer changed: What|Removed |Added Patch Status|Failed QA |Needs Signoff -- Configure

[Koha-bugs] [Bug 3184] Show creator and budget receiving a document

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3184 Katrin Fischer changed: What|Removed |Added Attachment #6095|0 |1 is obsolete|

[Koha-bugs] [Bug 7113] Standardize vendor id name in templates and scripts

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7113 Katrin Fischer changed: What|Removed |Added Patch Status|Needs Signoff |Signed Off --- Comment #14 f

[Koha-bugs] [Bug 7113] Standardize vendor id name in templates and scripts

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7113 Katrin Fischer changed: What|Removed |Added Attachment #6114|0 |1 is obsolete|

[Koha-bugs] [Bug 6916] Selecting the acq date of an item should take you to the invoice page for it

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6916 Katrin Fischer changed: What|Removed |Added Patch Status|Needs Signoff |Signed Off -- Configure bug

[Koha-bugs] [Bug 6916] Selecting the acq date of an item should take you to the invoice page for it

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6916 Katrin Fischer changed: What|Removed |Added Attachment #6388|0 |1 is obsolete|

[Koha-bugs] [Bug 6894] Default currency on Acquisitions suggestion form

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6894 --- Comment #7 from Jared Camins-Esakov 2011-11-27 15:47:42 UTC --- Paul, I can confirm the bug, and the patch works to fix it for me, as well. Regards, Jared -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userpre

[Koha-bugs] [Bug 6894] Default currency on Acquisitions suggestion form

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6894 Jared Camins-Esakov changed: What|Removed |Added Attachment #6097|0 |1 is obsolete|

[Koha-bugs] [Bug 6894] Default currency on Acquisitions suggestion form

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6894 --- Comment #5 from Katrin Fischer 2011-11-27 15:31:01 UTC --- Ignore the Description. At first I thought this problem was happening on the order form and figured out later, that my wrong currencies happened during accpeting the sugge

[Koha-bugs] [Bug 5974] Bogus auth check for "StaffMember" role

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5974 Katrin Fischer changed: What|Removed |Added Attachment #6431|0 |1 is obsolete|

[Koha-bugs] [Bug 5974] Bogus auth check for "StaffMember" role

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5974 --- Comment #10 from Katrin Fischer 2011-11-27 15:14:12 UTC --- Created attachment 6433 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=6433 Bug 5974: Fix broken toolbar on paton checkout tab Fixed a couple of errors

[Koha-bugs] [Bug 6629] [security] insecure use of Cookie for language selection

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629 Jared Camins-Esakov changed: What|Removed |Added CC||jcam...@cpbibliography.c

[Koha-bugs] [Bug 6629] [security] insecure use of Cookie for language selection

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629 Jared Camins-Esakov changed: What|Removed |Added Attachment #6428|0 |1 is obsolete|

[Koha-bugs] [Bug 5974] Bogus auth check for "StaffMember" role

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5974 Katrin Fischer changed: What|Removed |Added Patch Status|Patch Pushed|Needs Signoff Seve

[Koha-bugs] [Bug 5974] Bogus auth check for "StaffMember" role

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5974 --- Comment #9 from Katrin Fischer 2011-11-27 14:32:53 UTC --- Created attachment 6431 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=6431 Bug 5974: Fix broken toolbar on paton checkout tab Fixed a couple of errors:

[Koha-bugs] [Bug 7269] Toolbar on patron check out tab broken

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7269 Katrin Fischer changed: What|Removed |Added Status|NEW |RESOLVED Resolution|

[Koha-bugs] [Bug 5974] Bogus auth check for "StaffMember" role

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5974 Katrin Fischer changed: What|Removed |Added CC||katrin.fisc...@bsz-bw.de ---

[Koha-bugs] [Bug 7269] New: Toolbar on patron check out tab broken

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7269 Bug #: 7269 Summary: Toolbar on patron check out tab broken Classification: Unclassified Change sponsored?: --- Product: Koha Version: master Platform: All URL:

[Koha-bugs] [Bug 7117] Small display problems when organising suggestion tabs by name

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7117 Katrin Fischer changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|

[Koha-bugs] [Bug 7143] Bug for tracking changes to the about page

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7143 Katrin Fischer changed: What|Removed |Added AssignedTo|neng...@gmail.com |katrin.fisc...@bsz-bw.de --

[Koha-bugs] [Bug 6328] Fine in days does not work

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6328 Katrin Fischer changed: What|Removed |Added Patch Status|Needs Signoff |Signed Off -- Configure bug

[Koha-bugs] [Bug 6328] Fine in days does not work

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6328 Katrin Fischer changed: What|Removed |Added Attachment #6421|0 |1 is obsolete|

[Koha-bugs] [Bug 6629] [security] insecure use of Cookie for language selection

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629 Chris Cormack changed: What|Removed |Added Patch Status|Signed Off |Needs Signoff -- Configure b

[Koha-bugs] [Bug 6629] [security] insecure use of Cookie for language selection

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629 Chris Cormack changed: What|Removed |Added Attachment #6427|0 |1 is obsolete|

[Koha-bugs] [Bug 6629] [security] insecure use of Cookie for language selection

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629 --- Comment #28 from Chris Cormack 2011-11-27 08:59:02 UTC --- Created attachment 6427 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=6427 Bug 6629 : Follow up, sanitising in a couple more places -- Configure bugma

[Koha-bugs] [Bug 6629] [security] insecure use of Cookie for language selection

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629 --- Comment #27 from Chris Cormack 2011-11-27 08:55:16 UTC --- Havent been able to exploit it, but doesn't hurt to sanitise it anyway. -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email --- Y

[Koha-bugs] [Bug 6629] [security] insecure use of Cookie for language selection

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629 --- Comment #26 from Frère Sébastien Marie 2011-11-27 08:47:10 UTC --- In installer, there are another script that use cookie directly: installer/install.pl on line 268 and 231. On line 267-268: > my $langchoice = $query->param('fwkl

[Koha-bugs] [Bug 7268] Templates failing translation tests

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7268 Katrin Fischer changed: What|Removed |Added Attachment #6425|0 |1 is obsolete|

[Koha-bugs] [Bug 7268] Templates failing translation tests

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7268 Katrin Fischer changed: What|Removed |Added CC||katrin.fisc...@bsz-bw.de

[Koha-bugs] [Bug 7268] Templates failing translation tests

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7268 Katrin Fischer changed: What|Removed |Added Attachment #6420|0 |1 is obsolete|

[Koha-bugs] [Bug 6629] [security] insecure use of Cookie for language selection

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629 --- Comment #25 from Chris Cormack 2011-11-27 08:31:30 UTC --- Frère Sébastien Marie 3.2.x is end of life, so that patch won't be pushed. As soon as Chris Nighswonger is back I am sure he will push the 3.4.x one. And 3.4.7 will be

[Koha-bugs] [Bug 6629] [security] insecure use of Cookie for language selection

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629 Katrin Fischer changed: What|Removed |Added Attachment #6423|0 |1 is obsolete|

[Koha-bugs] [Bug 6629] [security] insecure use of Cookie for language selection

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629 Katrin Fischer changed: What|Removed |Added Patch Status|Needs Signoff |Signed Off -- Configure bug

[Koha-bugs] [Bug 6629] [security] insecure use of Cookie for language selection

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629 Katrin Fischer changed: What|Removed |Added Attachment #6422|0 |1 is obsolete|

[Koha-bugs] [Bug 6629] [security] insecure use of Cookie for language selection

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629 --- Comment #22 from Frère Sébastien Marie 2011-11-27 08:26:35 UTC --- When I check versus git, the following patchs are applied: - master (not vulnerable) : patch applied - 3.6.x (not vulnerable) : patch not found - 3.4.x *vulnera

[Koha-bugs] [Bug 6629] [security] insecure use of Cookie for language selection

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629 Chris Cormack changed: What|Removed |Added Patch Status|Patch Pushed|Needs Signoff -- Configure b

[Koha-bugs] [Bug 6629] [security] insecure use of Cookie for language selection

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629 Chris Cormack changed: What|Removed |Added Attachment #6403|0 |1 is obsolete|