Validate galley IDs against submissions #8299
Assignees
Labels
Housekeeping:1:Todo
Any dependency management or refactor that would be nice to have some day.
Milestone
Comments
NateWr
added
the
Housekeeping:1:Todo
NateWr
added a commit
to NateWr/ojs
that referenced
this issue
Sep 29, 2022
NateWr
added a commit
to NateWr/pkp-lib
that referenced
this issue
Sep 29, 2022
NateWr
added a commit
to NateWr/ojs
that referenced
this issue
Sep 29, 2022
NateWr
added a commit
to NateWr/ops
that referenced
this issue
Sep 29, 2022
NateWr
added a commit
to NateWr/pkp-lib
that referenced
this issue
Sep 29, 2022
NateWr
added a commit
to NateWr/ojs
that referenced
this issue
Sep 29, 2022
NateWr
added a commit
to NateWr/ojs
that referenced
this issue
Sep 29, 2022
NateWr
added a commit
to NateWr/ops
that referenced
this issue
Sep 29, 2022
|
PRs for PRs for |
|
Thanks, @NateWr, looks good -- please go ahead and merge. I'll try to get 3.3.0-13 released tomorrow if this is ready to be included. |
NateWr
added a commit
to NateWr/pkp-lib
that referenced
this issue
Oct 4, 2022
NateWr
added a commit
to NateWr/ojs
that referenced
this issue
Oct 4, 2022
NateWr
added a commit
to pkp/ojs
that referenced
this issue
Oct 4, 2022
pkp/pkp-lib#8299 Get galley from helper method
NateWr
added a commit
to pkp/ops
that referenced
this issue
Oct 4, 2022
pkp/pkp-lib#8299 Fix galley grid
NateWr
added a commit
to NateWr/pkp-lib
that referenced
this issue
Oct 4, 2022
NateWr
added a commit
to NateWr/ojs
that referenced
this issue
Oct 4, 2022
NateWr
added a commit
to NateWr/ops
that referenced
this issue
Oct 4, 2022
NateWr
added a commit
to pkp/ojs
that referenced
this issue
Oct 4, 2022
pkp/pkp-lib#8299 Fix galley grid
NateWr
added a commit
to pkp/ops
that referenced
this issue
Oct 4, 2022
pkp/pkp-lib#8299 Fix galley grid
|
All merged to |
NateWr
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
The galley grids often use the requested galley id without checking it against the authorized objects.
To Reproduce
Reproduction steps will be withheld until a secure release has been made.
What application are you using?
Affects OJS and OPS 3.3.
Resolution
We recommend one of the following approaches to resolve this issue.
1. Download and upgrade
Upgrade to OJS 3.3.0-13 or OPS 3.3.0-13 or a newer version.
2. Using Git
If you are running your application off of a git repository, you can pull the commits into your repo.
Update the Stable Branch
If you are running your application off of the official
stable-3_3_0branch, please pull the latest commits into your repo in the root directory as well as the submodule atlib/pkp.Cherry-pick to a Fork
If you are running your application off of a forked version of our software, please follow these steps to cherry-pick the changes into your fork of our
stable-3_3_0branch:For OJS:
git cherry-pick 342d655cd lib/pkpgit cherry-pick 9c997a8For OPS:
git cherry-pick 25c4c66cd lib/pkpgit cherry-pick 9c997a83. Using Patches
If you have installed OJS or OPS 3.3.0-13, you can can manually patch the files on your server by running these commands.
For OJS:
cd [path to OJS]wget -O - -q https://github.com/pkp/ojs/commit/342d655.diff | patch -p1 --dry-runcd lib/pkpwget -O - -q https://github.com/pkp/pkp-lib/commit/9c997a8.diff | patch -p1 --dry-runcd ../..wget -O - -q https://github.com/pkp/ojs/commit/342d655.diff | patch -p1cd lib/pkpwget -O - -q https://github.com/pkp/pkp-lib/commit/9c997a8.diff | patch -p1For OPS:
cd [path to OPS]wget -O - -q https://github.com/pkp/ojs/commit/25c4c66.diff | patch -p1 --dry-runcd lib/pkpwget -O - -q https://github.com/pkp/pkp-lib/commit/9c997a8.diff | patch -p1 --dry-runcd ../..wget -O - -q https://github.com/pkp/ojs/commit/25c4c66.diff | patch -p1cd lib/pkpwget -O - -q https://github.com/pkp/pkp-lib/commit/9c997a8.diff | patch -p1The text was updated successfully, but these errors were encountered: