Time |
S |
Nick |
Message |
05:28 |
|
|
slef joined #koha |
05:51 |
|
dcook |
@later tell Joubu I'm not keen for a SVC API user to use the REST API for CSRF tokens. Also, I think it's fairly common design to get the CSRF token from the response headers of the previous API call, so I think my work on SVC API still stands. But happy to discuss more. |
05:51 |
|
huginn` |
dcook: The operation succeeded. |
05:51 |
|
dcook |
Not sure about vcirc/set-library.pl. I'll take a quick look. It's something I added recently. |
05:58 |
|
dcook |
Joubu: Yeah looks like it's been fixed. I'll update the pad for set-library.pl |
05:59 |
|
Joubu |
@later tell lukeg You have an account on jenkins it seems |
05:59 |
|
huginn` |
Joubu: The operation succeeded. |
05:59 |
|
Joubu |
dcook: I've done a lot for svc scripts already |
06:02 |
|
|
slef joined #koha |
06:08 |
|
Joubu |
oleonard: ping me when you are around, if you still get the permission problem on .pot files |
07:34 |
|
|
reiveune joined #koha |
07:34 |
|
reiveune |
hello |
07:59 |
|
|
fridolin joined #koha |
07:59 |
|
fridolin |
hollow |
08:30 |
|
paulderscheid[m] |
morning #koha |
08:40 |
|
krimsonkharne[m] |
o/ |
09:41 |
|
|
Hanz joined #koha |
11:25 |
|
|
oleonard joined #koha |
11:33 |
|
|
khall joined #koha |
11:48 |
|
oleonard |
Hi #koha |
12:02 |
|
oleonard |
Hi? #koha? |
12:09 |
|
Joubu |
Hi! oleonard! |
12:13 |
|
oleonard |
:) |
12:28 |
|
|
lds joined #koha |
12:54 |
|
ashimema |
Hola |
12:54 |
|
ashimema |
🪄 |
12:55 |
|
* ashimema |
isn't really here today, just waiting in the queue for Harry Potter Studios with the kids |
12:59 |
|
magnuse |
ashimema: yay! |
13:00 |
|
magnuse |
see if you can find any good perl spells or options? |
13:04 |
|
krimsonkharne[m] |
ex-perl-iarmus! |
13:09 |
|
matts |
:) |
13:12 |
|
|
MarkHofstetter joined #koha |
13:13 |
|
|
domm[m] joined #koha |
13:13 |
|
domm[m] |
Joubu: hey! |
13:14 |
|
Joubu |
o/ |
13:15 |
|
MarkHofstetter |
ho! |
13:17 |
|
Joubu |
domm[m]: I don't think we can use the CSRFBlock middleware, Koha is not a full psgi app |
13:17 |
|
Joubu |
and we are not using plack sessions |
13:17 |
|
domm[m] |
Yeah, but I guess it can be used for inspiration |
13:17 |
|
Joubu |
yes, definitely, I didn't think about that this morning... |
13:17 |
|
domm[m] |
But generally I think that a Middleware would be the correct place to handle CSRF |
13:18 |
|
domm[m] |
It runs before the actual request, and can inspect the request env (i.e. headers and params). |
13:19 |
|
domm[m] |
and if some conditions are true, you can just return 400 (or whatever) without ever hitting the actual app |
13:19 |
|
Joubu |
domm[m]: I think I am just trying to be too nice :D I wanted to provide the end user with an integrated error on the Koha UI "wrong csrf token" (we have that implemented already) |
13:20 |
|
Joubu |
but returning a 403 seems a good idea |
13:20 |
|
domm[m] |
You can also return some nice HTML |
13:20 |
|
domm[m] |
https://metacpan.org/pod/Plack[…]::PrettyException  :-) |
13:21 |
|
domm[m] |
The problem will be that to render the Koha UI, you'll need the app |
13:21 |
|
domm[m] |
so short-circuiting to an error won't be an option |
13:22 |
|
domm[m] |
BUT: You can also change the downstream URL in the middleware (i.e. to point to an action/cgi that will render the nice error) and then call the app with that rewritten path |
13:22 |
|
domm[m] |
so instead of calling the action the user wanted to call, you can force them to another action (i.e. the error page) if some conditions are true |
13:24 |
|
Joubu |
yes, I was stuck this morning trying to empty the "op" parameter, but what you are suggesting seems better. And more things to learn. |
13:25 |
|
Joubu |
The other idea was to inherit from Plack::Request and adjust the "parameters" env, but it feels so wrong. Without even knowing if it would work at the end. |
13:32 |
|
domm[m] |
no, middleware is the correct place |
13:32 |
|
* domm[m] |
sent a code block: https://matrix.org/_matrix/med[…]vpImJSTJOBvhumXIs |
13:34 |
|
domm[m] |
if you want to change the value of param 'op' you'd need to do that in $env (though I'm not sure how easy that is for POST). in the worst case you would need to create a new $env by copying everything from the old one (without op) |
13:34 |
|
Joubu |
yes, it's exactly what I have, but then trying to hack $self->env->{'plack.request.merged'} to empty 'op', until I realized that stupid CGI is not aware of that anyway... |
13:36 |
|
Joubu |
it didn't work when I tried that |
13:38 |
|
|
khall joined #koha |
13:40 |
|
|
Dyrcona joined #koha |
13:42 |
|
Joubu |
domm[m]: ha, it's working! I was so close! Thanks for helping me on this! |
13:48 |
|
|
caroline joined #koha |
13:55 |
|
|
marie-luce joined #koha |
13:56 |
|
domm[m] |
Joubu: happy to be your rubber duck :-) |
14:10 |
|
|
dpk joined #koha |
14:17 |
|
domm[m] |
What do I do when bugzilla denies a patch because 413 Request Entity Too Large (via git bz)? |
14:18 |
|
|
khall_ joined #koha |
14:21 |
|
Joubu |
domm[m]: push to a remote branch |
14:25 |
|
domm[m] |
into which repo? I don't have access to git.koha-community.org? So to our github fork? |
14:26 |
|
domm[m] |
0+ |
14:31 |
|
Joubu |
yes, github or gitlab or whatever |
14:31 |
|
Joubu |
the git.k-c.org is not meant for that anyway |
14:42 |
|
|
cait joined #koha |
15:08 |
|
krimsonkharne[m] |
quick question... anybody ever done a patron import with overwriting multiple patron attributes? |
15:08 |
|
|
lds_ joined #koha |
15:14 |
|
Joubu |
krimsonkharne[m]: "attr_1:foo2,attr_bar:bar" |
15:14 |
|
Joubu |
I have that somewhere in a lost file. If this is your question. |
15:15 |
|
krimsonkharne[m] |
cheers Joubu, exactly what I was looking for |
15:15 |
|
krimsonkharne[m] |
Joubu++ |
15:16 |
|
Joubu |
bug 23668 |
15:16 |
|
huginn` |
Bug https://bugs.koha-community.or[…]_bug.cgi?id=23668 enhancement, P5 - low, ---, koha-bugs, NEW , Manual on patron import: Information on syntax for patron attributes |
15:20 |
|
|
khall joined #koha |
15:23 |
|
krimsonkharne[m] |
on it |
15:24 |
|
krimsonkharne[m] |
as long as I'm already testing it out, might as well do the doc xD |
15:25 |
|
aude_c[m] |
Joubu++ |
15:25 |
|
aude_c[m] |
krimsonkharne++ |
15:50 |
|
PedroAmorim[m] |
jajm++ |
15:55 |
|
|
MelissaB joined #koha |
15:55 |
|
MelissaB |
Hello. If I need to upgrade Koha, but also find out that Debian is outdated, do I upgrade Debian or Koha first? |
16:00 |
|
|
bag joined #koha |
16:02 |
|
reiveune |
bye |
16:04 |
|
reiveune |
bye |
16:04 |
|
|
reiveune left #koha |
16:07 |
|
oleonard |
MelissaB: I'm not an expert but I think you should export your data out of Koha before the Debian upgrade, then upgrade Koha after Debian. What version of Koha are you upgrading from? |
16:16 |
|
MelissaB |
oleonard: im on 21.11, but I do see the latest version runs on Debian 10, so I was actually now thinking to upgrade Koha and then Debian |
16:17 |
|
MelissaB |
im a little scared, but I have done the backups |
16:17 |
|
oleonard |
You can always completely reinstall Koha and import your backup if something goes wrong. |
16:18 |
|
oleonard |
But again, not an expert in these things. |
16:18 |
|
MelissaB |
oleonard: true! thanks I feel better |
16:18 |
|
MelissaB |
no problem |
18:01 |
|
|
oleonard joined #koha |
18:09 |
|
|
lukeg joined #koha |
18:14 |
|
|
MelissaB joined #koha |
18:14 |
|
MelissaB |
I finally upgraded |
18:14 |
|
MelissaB |
oleonard: thank you |
18:14 |
|
MelissaB |
oleonard: is there a simple way to show all the items in my catalog? |
18:15 |
|
oleonard |
I'm not sure if there is a wildcard search you can do in item search? Either way you could also build an SQL report |
18:16 |
|
oleonard |
Oh I guess you can submit the item search form without making any selections and get all your items. |
18:25 |
|
|
MarkHofstetter joined #koha |
18:30 |
|
MelissaB |
thanks oleonard |
20:36 |
|
JasonGreene[m] |
might be asking a bit, can I get someone to "teamviewer" into my desktop and see where I am failing? 👀 |