[Koha-bugs] [Bug 9411] Multiple uses of javascript eval on ajax responses in acq.js

2018-06-28 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9411

Jonathan Druart  changed:

   What|Removed |Added

 Resolution|--- |DUPLICATE
 Status|Failed QA   |RESOLVED

--- Comment #14 from Jonathan Druart ---


*** This bug has been marked as a duplicate of bug 4439 ***

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 9411] Multiple uses of javascript eval on ajax responses in acq.js

2015-12-24 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9411

Marc Véron  changed:

   What|Removed |Added

 CC||ve...@veron.ch

--- Comment #13 from Marc Véron  ---
Is this bug still valid? (Does not apply).


[Koha-bugs] [Bug 9411] Multiple uses of javascript eval on ajax responses in acq.js

2015-02-16 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9411

Jonathan Druart jonathan.dru...@biblibre.com changed:

   What|Removed |Added

 CC||jonathan.dru...@biblibre.com

--- Comment #12 from Jonathan Druart jonathan.dru...@biblibre.com ---
Hugh, Any chances to see this resubmitted?



[Koha-bugs] [Bug 9411] Multiple uses of javascript eval on ajax responses in acq.js

2013-07-08 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9411

--- Comment #11 from Kyle M Hall k...@bywatersolutions.com ---
Since the patch in question doesn't change the behavior of Koha (at least in
theory) it would be as simple as:
1) Perform some action that tests the code to be modified
2) Apply this patch
3) Perform the same action, ensure everything still works the same.

What the action or actions are is up to you.



[Koha-bugs] [Bug 9411] Multiple uses of javascript eval on ajax responses in acq.js

2013-07-05 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9411

--- Comment #10 from Hugh Davenport h...@davenport.net.nz ---
Hey Kyle/Owen,

What would the format of a test plan be?

Cheers,

Hugh



[Koha-bugs] [Bug 9411] Multiple uses of javascript eval on ajax responses in acq.js

2013-03-14 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9411

Owen Leonard oleon...@myacpl.org changed:

   What|Removed |Added

 Status|Needs Signoff   |Failed QA

--- Comment #9 from Owen Leonard oleon...@myacpl.org ---
Failing QA pending the addition of a test plan.



[Koha-bugs] [Bug 9411] Multiple uses of javascript eval on ajax responses in acq.js

2013-02-15 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9411

--- Comment #8 from Kyle M Hall k...@bywatersolutions.com ---
Hugh, can you add a test plan to the patch's comments?



[Koha-bugs] [Bug 9411] Multiple uses of javascript eval on ajax responses in acq.js

2013-01-18 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9411

Kyle M Hall k...@bywatersolutions.com changed:

   What|Removed |Added

 CC||k...@bywatersolutions.com



[Koha-bugs] [Bug 9411] Multiple uses of javascript eval on ajax responses in acq.js

2013-01-18 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9411

Chris Cormack ch...@bigballofwax.co.nz changed:

   What|Removed |Added

 CC||ch...@bigballofwax.co.nz

--- Comment #7 from Chris Cormack ch...@bigballofwax.co.nz ---
Yep, that's quite common in a lot of projects, you'll notice Galen does it
also. It means they have tested it themselves. Still needs an external sign off
of course. 
In fact just the other day Galen remarked something like when did we stop
adding a sign off to our patches?



[Koha-bugs] [Bug 9411] Multiple uses of javascript eval on ajax responses in acq.js

2013-01-16 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9411

--- Comment #1 from Hugh Davenport h...@davenport.net.nz ---
A brief look tells me that it is checking for numerical types, which would be
better suited by parseInt and parseFloat



[Koha-bugs] [Bug 9411] Multiple uses of javascript eval on ajax responses in acq.js

2013-01-16 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9411

Hugh Davenport h...@davenport.net.nz changed:

   What|Removed |Added

   Severity|normal  |major



[Koha-bugs] [Bug 9411] Multiple uses of javascript eval on ajax responses in acq.js

2013-01-16 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9411

Hugh Davenport h...@davenport.net.nz changed:

   What|Removed |Added

 Status|NEW |ASSIGNED
   Assignee|koha-b...@lists.koha-community.org |h...@davenport.net.nz

--- Comment #2 from Hugh Davenport h...@davenport.net.nz ---
fixing



[Koha-bugs] [Bug 9411] Multiple uses of javascript eval on ajax responses in acq.js

2013-01-16 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9411

Hugh Davenport h...@davenport.net.nz changed:

   What|Removed |Added

 Status|ASSIGNED|Needs Signoff



[Koha-bugs] [Bug 9411] Multiple uses of javascript eval on ajax responses in acq.js

2013-01-16 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9411

Hugh Davenport h...@davenport.net.nz changed:

   What|Removed |Added

   Patch complexity|--- |Trivial patch



[Koha-bugs] [Bug 9411] Multiple uses of javascript eval on ajax responses in acq.js

2013-01-16 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9411

--- Comment #3 from Hugh Davenport h...@davenport.net.nz ---
Created attachment 14648
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=14648&action=edit
bug 9411 Fix javascript evals to use parseInt and parseFloat

The acq.js file used evals to parse the return text of ajax queries
to determine what result to return. This is a bad thing, and can
potentially cause security risks.

This patch converts those eval calls to parseInt and parseFloat
calls.

Note: This patch depends on the patch in bug 4437 so there are no
conflicts.

Signed-off-by: Hugh Davenport h...@davenport.net.nz



[Koha-bugs] [Bug 9411] Multiple uses of javascript eval on ajax responses in acq.js

2013-01-16 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9411

Hugh Davenport h...@davenport.net.nz changed:

   What|Removed |Added

  Attachment #14648 is obsolete|0   |1

--- Comment #4 from Hugh Davenport h...@davenport.net.nz ---
Created attachment 14650
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=14650&action=edit
bug 9411 Fix javascript evals to use parseInt and parseFloat

The acq.js file used evals to parse the return text of ajax queries
to determine what result to return. This is a bad thing, and can
potentially cause security risks.

This patch converts those eval calls to parseInt and parseFloat
calls.

Note: This patch depends on the patch in bug 4437 so there are no
conflicts.

Signed-off-by: Hugh Davenport h...@davenport.net.nz


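The change described in comments #1, #3 and #4 above (eval on an ajax response body replaced by parseInt and parseFloat), shown as an added example that is not part of this thread or of Koha's acq.js. The function names and the response bodies are constructed for illustration; the strict variants go one step beyond the patch description by rejecting trailing text, which parseInt and parseFloat silently ignore.

```javascript
// Added example: names and sample responses are hypothetical, not Koha code.

// "Before" pattern: the response body is executed as JavaScript.
function parseWithEval(responseText) {
  return eval(responseText); // any expression in the body runs here
}

// parseInt never executes the text, but it stops at the first character
// that is not part of a number and ignores everything after it.
function parseLenientInt(responseText) {
  return parseInt(responseText, 10);
}

// Stricter variant: the whole body must be a single decimal number.
const INT_RE = /^[+-]?\d+$/;
const FLOAT_RE = /^[+-]?(\d+\.?\d*|\.\d+)$/;

function parseStrictInt(responseText) {
  const text = String(responseText).trim();
  if (!INT_RE.test(text)) return null;
  const n = parseInt(text, 10);
  return Number.isSafeInteger(n) ? n : null;
}

function parseStrictFloat(responseText) {
  const text = String(responseText).trim();
  if (!FLOAT_RE.test(text)) return null;
  const n = parseFloat(text);
  return Number.isFinite(n) ? n : null;
}

// Module-level marker that records whether a response body executed code.
const probe = { ran: false };

// Run one response body through each parser and report what happened.
function compare(responseText) {
  probe.ran = false;
  const evalResult = parseWithEval(responseText);
  return {
    evalResult,
    codeRan: probe.ran,
    lenient: parseLenientInt(responseText),
    strict: parseStrictInt(responseText),
  };
}

// Constructed response bodies: a well-formed one and a tampered one.
console.log(compare("42"));
console.log(compare("(probe.ran = true, 1)"));
console.log(parseLenientInt("12abc"), parseStrictInt("12abc"));
```

The tampered body still yields a plausible number from eval while its side effect has already run, which is why a test plan that only compares returned values would not notice the difference.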

[Koha-bugs] [Bug 9411] Multiple uses of javascript eval on ajax responses in acq.js

2013-01-16 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9411

Hugh Davenport h...@davenport.net.nz changed:

   What|Removed |Added

   Patch complexity|Trivial patch   |Small patch

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 9411] Multiple uses of javascript eval on ajax responses in acq.js

2013-01-16 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9411

Hugh Davenport h...@davenport.net.nz changed:

   What|Removed |Added

  Attachment #14650 is obsolete|0   |1

--- Comment #5 from Hugh Davenport h...@davenport.net.nz ---
Created attachment 14652
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=14652&action=edit
bug 4439 Change some helper files to use C4::Service

Depends on bug 4437 to avoid conflicts

Depends on bug 9412 for a new feature used

Also fixes bug 9411

Signed-off-by: Hugh Davenport h...@davenport.net.nz
