Commits on Oct 24, 2016
  1. Merged Hotfix-1.3.1 into master

    jeffnm committed Oct 24, 2016
Commits on Oct 21, 2016
  1. SQL Security Patch

    jeffnm committed Oct 21, 2016
    Security patch for sql injection vulnerability
Commits on May 4, 2016
  1. SECURITY: Enforce redirect to login page

    remocrevo committed May 3, 2016
    Thanks to Ian Walls for reporting this issue. NOTE: This affects all
    modules, not just the Resources module. From his report:
    
    The ajax scripts (ajax_htmldata.php and ajax_processing.php) are not
    authenticated. Thus, as a malicious user on the open internet with only
    the domain name and path of a CORAL install, I can not only read
    usernames and passwords for database platforms (if added by the
    institution), but also delete resources from the database and run
    arbitrary code.
    
    Examples:
      * Read accounts:
        curl 'http://coraldemo.library.tamu.edu/resources/ajax_htmldata.php?action=getAccountDetails&resourceID=27'
      * Delete a resource:
        curl 'http://coraldemo.library.tamu.edu/resources/ajax_processing.php?action=deleteResource&resourceID=27'
      * Upload a malicious script:
        curl 'http://coraldemo.library.tamu.edu/resources/ajax_processing.php?action=uploadAttachment' -H 'Content-Type: multipart/form-data' -F 'myfile=@/home/user/Desktop/myevilscript.php'
    
    This commit simply causes the script to exit after attempting to forward
    to the login page, to prevent any further data from being sent to
    disobedient browsers (such as curl). A patch file is also included.
    
    Signed-off-by: Remington Steed <rjs7@calvin.edu>
  2. Add UTF8 conversion to upgrade script

    remocrevo committed May 4, 2016
    This commit appends the provided UTF8 conversion script into the
    upgrade_1.3.sql script.
    
    Signed-off-by: Remington Steed <rjs7@calvin.edu>
Commits on May 3, 2016
  1. Prepare upgrade process for Organizations 1.3

    remocrevo committed May 3, 2016
    This commit prepares the upgrade.php script, the SQL script, and the
    UPGRADE_README instructions for the 1.3 update of the Organizations
    module.
    
    Signed-off-by: Remington Steed <rjs7@calvin.edu>
Commits on Feb 4, 2016
  1. Merge pull request #27 from TAMULib/issues_feature_remastered

    doug-hahn committed Feb 4, 2016
    Issues and Downtime Feature
Commits on Jan 22, 2016
  1. Merge branch 'master' into issues_feature_remastered

    jsavell committed Jan 22, 2016
    Conflicts:
    	css/style.css
    	js/orgDetail.js
    	orgDetail.php
Commits on Dec 22, 2015
  1. Merge pull request #26 from biblibre/issue18

    PaulPoulain committed Dec 22, 2015
    Translate module Organizations
Commits on Dec 17, 2015
Commits on Dec 16, 2015
  1. Update Readme / Sample Config

    doug-hahn committed Dec 16, 2015
Commits on Dec 14, 2015
  1. Update Version

    doug-hahn committed Dec 14, 2015
Commits on Dec 8, 2015
Commits on Nov 30, 2015
  1. Translating Coral Organization module

    PaulPoulain committed Nov 30, 2015
     * fixing a rebase typo in ajax_form.php
     * updating translation to French
Commits on Nov 27, 2015
  1. Merge remote-tracking branch 'cesar/translate-organizations'

    PaulPoulain committed Nov 27, 2015
    Conflicts:
    	admin/classes/common/DBService.php
    	ajax_forms.php
    	install/create_tables_data.sql
    	js/forms/contactSubmitForm.js
Commits on Nov 24, 2015
  1. Remove requirement of Contact Name field

    remocrevo committed Nov 24, 2015
    While the code that requires a Contact Name has been present for a long
    time, it has done nothing since 2011 when the contactType field was
    removed. So a Contact Name hasn't been functionally required since then,
    and current consensus is to leave it as not required. This commit
    removes the requirement code for that field.
    
    Signed-off-by: Remington Steed <rjs7@calvin.edu>
  2. Correct the wording of validation messages

    remocrevo committed Nov 24, 2015
    Signed-off-by: Remington Steed <rjs7@calvin.edu>
  3. Validated admin forms to avoid updating a form without data.

    Cesarfr committed with remocrevo Jun 5, 2015
    Forms validated:
    * Organization Role
    * Contact Role
    * Alias Type
    * External Login Type
    * Issue Type
  4. Validated forms (issue #21)

    Cesarfr committed with remocrevo Jun 4, 2015
    * Contact form
    * Account form
    * Issues form
Commits on Oct 2, 2015
  1. adjust new issue form

    jsavell committed Oct 2, 2015
Commits on Sep 28, 2015
  1. Fix bug in Org editing existence check

    remocrevo committed Sep 28, 2015
    The code provides two ways of excluding the Org being edited when
    checking for a duplicate. However, we still see the message "This
    organization already exists" when changing the capitalization of an Org
    name. This is because both attempts at exclusion are buggy and sometimes
    fail. This buggy behavior appears on our older live installation, but
    not on our test installation using the latest master code (even though
    the buggy code still remains). This commit fixes the bugs anyway (and
    removes one of the exclusions to simplify the code), to prevent them
    from resurfacing later.
    
    Signed-off-by: Remington Steed <rjs7@calvin.edu>
Commits on Aug 24, 2015
Commits on Aug 21, 2015
  1. create downtime from issue list

    jsavell committed Aug 21, 2015
Commits on Aug 20, 2015
  1. note field for downtimes

    jsavell committed Aug 20, 2015
  2. remove double date variables

    jsavell committed Aug 20, 2015
  3. Merge branch 'form_validation' into sprint10_staging

    jsavell committed Aug 20, 2015
    Conflicts:
    	js/common.js
    	js/orgDetail.js
Commits on Aug 19, 2015
Commits on Aug 18, 2015
  1. Merge pull request #3 from TAMULib/form_validation_clean

    jsavell committed Aug 18, 2015
    Form validation clean (nms)