[Patches] [PATCH] Bug 6627 [Signed Off] - Update to improve security in
koha-patchbot at kohaaloha.com
koha-patchbot at kohaaloha.com
Sat Dec 31 08:40:03 NZDT 2011
From: Duncan Tyler <duncan at catalyst.net.nz>
Date: Wed, 21 Dec 2011 14:59:21 +1300
Subject: [PATCH] Bug 6627 [Signed Off] - Update to improve security in
specified log files - bug 6627
Content-Type: text/plain; charset="utf-8"
Signed-off-by: Liz Rea <wizzyrea at gmail.com>
Verified sessionlog file is not written to /tmp when patch is applied. Also verified original bug - logging in did in fact log to /tmp.
---
C4/Auth.pm | 8 ++++----
C4/Print.pm | 10 +++++++++-
installer/InstallAuth.pm | 3 ++-
3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/C4/Auth.pm b/C4/Auth.pm
index e360e10..bbe472b 100755
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -703,7 +703,7 @@ sub checkauth {
$session->flush;
$session->delete();
C4::Context->_unset_userenv($sessionID);
- _session_log(sprintf "%20s from %16s logged out at %30s (manually).\n", $userid,$ip,(strftime "%c",localtime));
+ #_session_log(sprintf "%20s from %16s logged out at %30s (manually).\n", $userid,$ip,(strftime "%c",localtime));
$sessionID = undef;
$userid = undef;
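Review bot: Commenting out the `_session_log` call here, and in the three later `checkauth` hunks (inactivity, IP change, login), drops the record of login and logout events instead of moving it out of /tmp, so no authentication trail is left to consult during an incident. `_session_log` is defined outside these hunks; presumably it is what opens the file under /tmp. If so, the narrower fix is to point it at a directory taken from the site configuration that only the Koha user can write, and leave the four call sites untouched. If the logging really is meant to go, delete the lines rather than keeping them as commented-out code, and say so in the commit message. `checkauth` starts and ends outside the hunk.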
@@ -716,7 +716,7 @@ sub checkauth {
$info{'timed_out'} = 1;
$session->delete();
C4::Context->_unset_userenv($sessionID);
- _session_log(sprintf "%20s from %16s logged out at %30s (inactivity).\n", $userid,$ip,(strftime "%c",localtime));
+ #_session_log(sprintf "%20s from %16s logged out at %30s (inactivity).\n", $userid,$ip,(strftime "%c",localtime));
$userid = undef;
$sessionID = undef;
}
@@ -727,7 +727,7 @@ sub checkauth {
$info{'different_ip'} = 1;
$session->delete();
C4::Context->_unset_userenv($sessionID);
- _session_log(sprintf "%20s from %16s logged out at %30s (ip changed to %16s).\n", $userid,$ip,(strftime "%c",localtime), $info{'newip'});
+ #_session_log(sprintf "%20s from %16s logged out at %30s (ip changed to %16s).\n", $userid,$ip,(strftime "%c",localtime), $info{'newip'});
$sessionID = undef;
$userid = undef;
}
@@ -765,7 +765,7 @@ sub checkauth {
$userid = $retuserid if ($retuserid ne '');
}
if ($return) {
- _session_log(sprintf "%20s from %16s logged in at %30s.\n", $userid,$ENV{'REMOTE_ADDR'},(strftime '%c', localtime));
+ #_session_log(sprintf "%20s from %16s logged in at %30s.\n", $userid,$ENV{'REMOTE_ADDR'},(strftime '%c', localtime));
if ( $flags = haspermission( $userid, $flagsrequired ) ) {
$loggedin = 1;
}
diff --git a/C4/Print.pm b/C4/Print.pm
index 2ba7584d..f810816 100644
--- a/C4/Print.pm
+++ b/C4/Print.pm
@@ -79,7 +79,8 @@ sub remoteprint ($$) {
# to have spaces in them). Or perhaps if $queue eq "" and
# $env->{file} ne "", then that should mean "print to $env->{file}".
if ( $queue eq "" || $queue eq 'nulllp' ) {
- open( PRINTER, ">/tmp/kohaiss" );
+ return;
+ #open( PRINTER, ">/tmp/kohaiss" );
}
else {
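Review bot: The bare `return;` makes `remoteprint` silently do nothing when `$queue` is empty or `nulllp`, so a caller cannot tell a printed slip from a dropped one. The comment block just above still discusses printing to a file, which no longer happens on this branch. I would add `warn "remoteprint: no print queue configured; nothing printed\n";` before the `return;` and delete the commented-out `open` outright, since a two-argument `open` on a fixed name in /tmp should not sit there ready to be re-enabled. `remoteprint` starts and ends outside the hunk.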
@@ -125,6 +126,10 @@ sub remoteprint ($$) {
}
sub printreserve {
+
+ # FIXME - make useful
+ return;
+
my ( $branchname, $bordata, $itemdata ) = @_;
my $printer = '';
(return) unless ( C4::Context->boolean_preference('printreserveslips') );
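Review bot: The unconditional `return;` sits before `my ( $branchname, $bordata, $itemdata ) = @_;`, so everything below it in `printreserve` is now dead code, including the `printreserveslips` preference check. Sites that enabled that preference lose reserve slips without any message. `# FIXME - make useful` does not say why the function was disabled; the comment should give the reason (presumably the /tmp output addressed by bug 6627, to be confirmed), for example `# Disabled for bug 6627 until a safe print target exists`. The next hunk adds the same FIXME to `printslip` but no `return;`, so that function still runs; either it needs the same guard or its comment is misleading. The body of `printreserve` continues outside the hunk.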
@@ -175,6 +180,9 @@ print a slip for the given $borrowernumber
#'
sub printslip ($) {
+
+ #FIXME - make useful
+
my $borrowernumber = shift;
my $borrower = GetMemberDetails($borrowernumber);
my $issueslist = GetPendingIssues($borrowernumber);
diff --git a/installer/InstallAuth.pm b/installer/InstallAuth.pm
index 10cbea3..ccdcbcb 100644
--- a/installer/InstallAuth.pm
+++ b/installer/InstallAuth.pm
@@ -274,7 +274,8 @@ sub checkauth {
C4::Context->_unset_userenv($sessionID);
$sessionID = undef;
$userid = undef;
- open L, ">>/tmp/sessionlog";
+ # Commented out due to its lack of usefulness
+ # open L, ">>/tmp/sessionlog";
my $time = localtime( time() );
printf L "%20s from %16s logged out at %30s (manually).\n", $userid,
$ip, $time;
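Review bot: The `printf L ...` statement two lines below the commented-out `open` is still live, so after this change it prints to a filehandle that was never opened. Nothing is written, and with warnings enabled each manual logout emits "printf() on unopened filehandle L". Remove or comment out `my $time = localtime( time() );` and the two-line `printf L` together with the `open`. The new comment "lack of usefulness" also hides the actual reason; `# Disabled (bug 6627): session log was appended to a fixed file in /tmp` would tell the next reader why. `checkauth` starts and ends outside the hunk.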
--
1.7.5.4