[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-04-26 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 Katrin Fischer changed: What|Removed |Added Keywords|RM_priority |

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-04-17 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 Fridolin Somers changed: What|Removed |Added Status|Pushed to master|RESOLVED

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-04-17 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 Bug 36349 depends on bug 36102, which changed state. Bug 36102 Summary: Protect login forms from CSRF attacks https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36102 What|Removed |Added

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-04-05 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 --- Comment #32 from Katrin Fischer --- Pushed for 24.05! Well done everyone, thank you!

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-04-05 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 Katrin Fischer changed: What|Removed |Added Version(s)||24.05.00 released

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-04-04 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 David Cook changed: What|Removed |Added QA Contact|testo...@bugs.koha-communit |dc...@prosentient.com.au

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-04-04 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 David Cook changed: What|Removed |Added Status|Signed Off |Passed QA --- Comment #31

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-04-04 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 David Cook changed: What|Removed |Added Status|Needs Signoff |Signed Off

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-04-04 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 David Cook changed: What|Removed |Added Attachment #164412|0 |1 is obsolete|

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-04-04 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 David Cook changed: What|Removed |Added Attachment #164411|0 |1 is obsolete|

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-04-04 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 David Cook changed: What|Removed |Added Attachment #163553|0 |1 is obsolete|

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-04-04 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 David Cook changed: What|Removed |Added Attachment #163552|0 |1 is obsolete|

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-04-04 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 --- Comment #26 from Jonathan Druart --- Good to go now if nothing better is found.

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-04-04 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 --- Comment #25 from Jonathan Druart --- Created attachment 164412 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=164412=edit Bug 36349: Add tests

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-04-04 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 --- Comment #24 from Jonathan Druart --- Created attachment 164411 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=164411=edit Bug 36349: Remove passing CGI params from sco/printslip.pl

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-04-03 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 --- Comment #23 from David Cook --- I need to switch tasks, but let me know what you think. Otherwise, I can QA stamp this tomorrow...

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-04-03 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 --- Comment #22 from David Cook --- For completeness, we should remove the AutoSelfCheck stuff from opac/sco/printslip.pl as well, since it's covered by the second patch.

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-04-03 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 --- Comment #21 from David Cook --- With the 1st patch, we've got manual log in fixed for /cgi-bin/koha/sco/sco-main.pl If it's the first session, I can manually log into /cgi-bin/koha/sci/sci-main.pl (However, if I log into

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-04-03 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 --- Comment #20 from David Cook --- Sorry for neglecting this one so long. I'm taking a deeper look at the issue today...

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-04-03 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 Andrew Fuerste-Henry changed: What|Removed |Added Blocks||32256 Referenced

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-25 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 --- Comment #19 from Victor Grousset/tuxayo --- (In reply to Jonathan Druart from comment #18) > What you describe is "expected". At least other login forms are affected by > this and should be reported on its own bug (ie. not only

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-25 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 Jonathan Druart changed: What|Removed |Added Status|Failed QA |Needs Signoff ---

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-23 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 --- Comment #17 from Victor Grousset/tuxayo --- oops, I thought the confusion was about whether or not both SCI and SCO were affected by the bug. Turns out patches indeed address both even if touching opac/sci/sci-main.pl wasn't

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-23 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 --- Comment #16 from Jonathan Druart --- (In reply to Victor Grousset/tuxayo from comment #14) > (In reply to Jonathan Druart from comment #12) > > (In reply to Nick Clemens from comment #10) > > > This works, but it doesn't cover

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-22 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 Victor Grousset/tuxayo changed: What|Removed |Added Depends on||36195 Referenced

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-22 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 --- Comment #15 from Victor Grousset/tuxayo --- I see what is confusing: When logged in the OPAC already (or in staff if it's the same domain), SCI seems to have no issue because it uses the current session.

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-22 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 Victor Grousset/tuxayo changed: What|Removed |Added CC||vic...@tuxayo.net

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-22 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 --- Comment #13 from Jonathan Druart --- (In reply to Marcel de Rooy from comment #11) > Changes to Auth need tests. Yes, but first I would like to make sure there is not a better solution, because it smells!

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-22 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 --- Comment #12 from Jonathan Druart --- (In reply to Nick Clemens from comment #10) > This works, but it doesn't cover the SCI too - separate bug or want to > update the patch? What's broken with SCI?

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-22 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 Marcel de Rooy changed: What|Removed |Added Status|Signed Off |Failed QA

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-21 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 --- Comment #10 from Nick Clemens --- This works, but it doesn't cover the SCI too - separate bug or want to update the patch?

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-20 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 --- Comment #9 from Owen Leonard --- Created attachment 163553 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=163553=edit Bug 36349: Fix AutoSelfCheckAllowed Move the check to C4::Auth. Yes, it's not nice, I

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-20 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 Owen Leonard changed: What|Removed |Added Attachment #163356|0 |1 is obsolete|

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-20 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 Owen Leonard changed: What|Removed |Added Status|Needs Signoff |Signed Off Patch

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-20 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 Jonathan Druart changed: What|Removed |Added Assignee|koha-b...@lists.koha-commun |jonathan.dru...@gmail.com

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-20 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 Jonathan Druart changed: What|Removed |Added Attachment #163386|0 |1 is obsolete|

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-20 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 Jonathan Druart changed: What|Removed |Added Status|Failed QA |Needs Signoff

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-19 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 --- Comment #5 from Jonathan Druart --- And logout is broken as well, you cannot finish the user session.

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-19 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 --- Comment #4 from Jonathan Druart --- Created attachment 163386 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=163386=edit Bug 36349: Fix AutoSelfCheckAllowed This feels terribly wrong...

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-19 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 Jonathan Druart changed: What|Removed |Added CC||jonathan.dru...@gmail.com

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-18 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 David Nind changed: What|Removed |Added CC||da...@davidnind.com

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-18 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 David Cook changed: What|Removed |Added CC||dc...@prosentient.com.au

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-18 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 Nick Clemens changed: What|Removed |Added Depends on||34478, 36102 Referenced

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-18 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 --- Comment #1 from Nick Clemens --- Created attachment 163356 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=163356=edit Bug 36349: Make sure CSRF token is included for all login scenarios To test: 1 - In KTD

[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF

2024-03-18 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349 Nick Clemens changed: What|Removed |Added Status|NEW |Needs Signoff