← Previous day | Today | Next day → | Search | Index
All times shown according to UTC.
| Time | Nick | Message |
|---|---|---|
| 05:28 | slef joined #koha | |
| 05:51 | dcook | @later tell Joubu I'm not keen for a SVC API user to use the REST API for CSRF tokens. Also, I think it's fairly common design to get the CSRF token from the response headers of the previous API call, so I think my work on SVC API still stands. But happy to discuss more. |
| 05:51 | huginn` | dcook: The operation succeeded. |
| 05:51 | dcook | Not sure about vcirc/set-library.pl. I'll take a quick look. It's something I added recently. |
| 05:58 | Joubu: Yeah looks like it's been fixed. I'll update the pad for set-library.pl | |
| 05:59 | Joubu | @later tell lukeg You have an account on jenkins it seems |
| 05:59 | huginn` | Joubu: The operation succeeded. |
| 05:59 | Joubu | dcook: I've done a lot for svc scripts already |
| 06:02 | slef joined #koha | |
| 06:08 | Joubu | oleonard: ping me when you are around, if you still get the permission problem on .pot files |
| 07:34 | reiveune joined #koha | |
| 07:34 | reiveune | hello |
| 07:59 | fridolin joined #koha | |
| 07:59 | fridolin | hollow |
| 08:30 | paulderscheid[m] | morning #koha |
| 08:40 | krimsonkharne[m] | o/ |
| 09:41 | Hanz joined #koha | |
| 11:25 | oleonard joined #koha | |
| 11:33 | khall joined #koha | |
| 11:48 | oleonard | Hi #koha |
| 12:02 | Hi? #koha? | |
| 12:09 | Joubu | Hi! oleonard! |
| 12:13 | oleonard | :) |
| 12:28 | lds joined #koha | |
| 12:54 | ashimema | Hola |
| 12:54 | 🪄 | |
| 12:55 | *Â ashimema | isn't really here today, just waiting in the queue for Harry Potter Studios with the kids |
| 12:59 | magnuse | ashimema: yay! |
| 13:00 | see if you can find any good perl spells or options? | |
| 13:04 | krimsonkharne[m] | ex-perl-iarmus! |
| 13:09 | matts | :) |
| 13:12 | MarkHofstetter joined #koha | |
| 13:13 | domm[m] joined #koha | |
| 13:13 | domm[m] | Joubu: hey! |
| 13:14 | Joubu | o/ |
| 13:15 | MarkHofstetter | ho! |
| 13:17 | Joubu | domm[m]: I don't think we can use the CSRFBlock middleware, Koha is not a full psgi app |
| 13:17 | and we are not using plack sessions | |
| 13:17 | domm[m] | Yeah, but I guess it can be used for inspiration |
| 13:17 | Joubu | yes, definitelly, I didn't think about that this morning... |
| 13:17 | domm[m] | But generally I think that a Middleware would be the correct place to handle CSRF |
| 13:18 | It runs before the actual request, and can inspect the request env (i.e. headers and params). | |
| 13:19 | and if some conditions are true, you can just return 400 (or whatever) without ever hitting the actual app | |
| 13:19 | Joubu | domm[m]: I think I am just trying to be too nice :D I wanted to provide the end user with an integrated error on the Koha UI "wrong csrf token" (we have that implemented already) |
| 13:20 | but returning a 403 seems a good idea | |
| 13:20 | domm[m] | You can also return some nice HTML |
| 13:20 | https://metacpan.org/pod/Plack[…]::PrettyException  :-) | |
| 13:21 | The problem will be that to render the Koha UI, you'll need the app | |
| 13:21 | so short-circuiting to an error won't be an option | |
| 13:22 | BUT: You can also change the downstream URL in the middleware (i.e. to point to an action/cgi that will render the nice error) and then call the app with that rewritten path | |
| 13:22 | so instead of calling the action the user wanted to call, you can force them to another action (i.e. the error page) if some conditions are true | |
| 13:24 | Joubu | yes, I was stuck this morning trying to empty the "op" parameter, but what you are suggesting seems better. And more things to learn. |
| 13:25 | The other idea was to inherit from Plack::Request and adjust the "parameters" env, but it feels so wrong. Without even knowing if it would work at the end. | |
| 13:32 | domm[m] | no, middleware is the correct place |
| 13:32 | * domm[m] | sent a code block: https://matrix.org/_matrix/med[…]vpImJSTJOBvhumXIs |
| 13:34 | domm[m] | if you want to change the value of param 'op' you'd need to do that in $env (though I'm not sure how easy that is for POST). in the worst case you would need to create a new $env by copying everything from the old one (without op) |
| 13:34 | Joubu | yes, it's exactly what I have, but then trying to hack $self->env->{'plack.request.merged'} to empty 'op', until I realized that stupid CGI is not aware of that anyway... |
| 13:36 | it didn't work when I tried that | |
| 13:38 | khall joined #koha | |
| 13:40 | Dyrcona joined #koha | |
| 13:42 | Joubu | domm[m]: ha, it's working! I was so close! Thanks for helping me on this! |
| 13:48 | caroline joined #koha | |
| 13:55 | marie-luce joined #koha | |
| 13:56 | domm[m] | Joubu: happy to be your rubber duck :-) |
| 14:10 | dpk joined #koha | |
| 14:17 | domm[m] | What do I do when bugzilla denies a patch because 413 Request Entity Too Large (via git bz)? |
| 14:18 | khall_ joined #koha | |
| 14:21 | Joubu | domm[m]: push to a remote branch |
| 14:25 | domm[m] | into which repo? I don't have access to git.koha-community.org? So to our github fork? |
| 14:26 | 0+ | |
| 14:31 | Joubu | yes, github or gitlab or whatever |
| 14:31 | the git.k-c.org is not meant for that anyway | |
| 14:42 | cait joined #koha | |
| 15:08 | krimsonkharne[m] | quick question... anybody ever done a patron import with overwriting multiple patron attributes? |
| 15:08 | lds_ joined #koha | |
| 15:14 | Joubu | krimsonkharne[m]: "attr_1:foo2,attr_bar:bar" |
| 15:14 | I have that somewhere in a lost file. If this is your question. | |
| 15:15 | krimsonkharne[m] | cheers Joubu, exactly what I was looking for |
| 15:15 | Joubu++ | |
| 15:16 | Joubu | bug 23668 |
| 15:16 | huginn` | 04Bug https://bugs.koha-community.or[…]_bug.cgi?id=23668 enhancement, P5 - low, ---, koha-bugs, NEW , Manual on patron import: Information on syntax for patron attributes |
| 15:20 | khall joined #koha | |
| 15:23 | krimsonkharne[m] | on it |
| 15:24 | as long as I'm already testing it out, might as well do the doc xD | |
| 15:25 | aude_c[m] | Joubu++ |
| 15:25 | krimsonkharne++ | |
| 15:50 | PedroAmorim[m] | jajm++ |
| 15:55 | MelissaB joined #koha | |
| 15:55 | MelissaB | Hello. If I need to upgrade Koha, but also find out that Debian is outdated, do I upgrade Debian or Koha first? |
| 16:00 | bag joined #koha | |
| 16:02 | reiveune | bye |
| 16:04 | bye | |
| 16:04 | reiveune left #koha | |
| 16:07 | oleonard | MelissaB: I'm not an expert but I think you should export your data out of Koha before the Debian upgrade, then upgrade Koha after Debian. What version of Koha are you upgrading from? |
| 16:16 | MelissaB | oleonard: im on 21.11, but I do see the latest version runs on Debian 10, so I was actually now thinking to upgrade Koha and then Debian |
| 16:17 | im a little scared, but I have done the backups | |
| 16:17 | oleonard | You can always completely reinstall Koha and import your backup if something goes wrong. |
| 16:18 | But again, not an expert in these things. | |
| 16:18 | MelissaB | oleonard: true! thanks I feel better |
| 16:18 | no problem | |
| 18:01 | oleonard joined #koha | |
| 18:09 | lukeg joined #koha | |
| 18:14 | MelissaB joined #koha | |
| 18:14 | MelissaB | I finally upgraded |
| 18:14 | oleonard: thank you | |
| 18:14 | oleonard: is there a simple way to show all the items in my catalog? | |
| 18:15 | oleonard | I'm not sure if there is a wildcard search you can do in item search? Â Either way you could also build an SQL report |
| 18:16 | Oh I guess you can submit the item search form without making any selections and get all your items. | |
| 18:25 | MarkHofstetter joined #koha | |
| 18:30 | MelissaB | thanks oleonard |
| 20:36 | JasonGreene[m] | might be asking a bit,  can I get someone to "teamviewer" into my desktop and see where I am failing? 👀 |
← Previous day | Today | Next day → | Search | Index