Date July 5th from 2:00 PM-3:00 PM EST
https://join.skype.com/uohKGgCNMBSG
- Old Business
- Rosie: Proposing to move 7.x Committers' Call away from Skype
- Anything Newly Release / Show and Tell
- Last Month’s Security Response
- Advisory ID: ISLANDORA-2017-01
- One of the PRs
- What was found, how it was tested, how it was addressed and if this exposed anything else
- Code Spot Light
- islandora_scholar/includes/derivatives.inc:84
- exec($command, $execout, $returncode);
- islandora_scholar/includes/derivatives.inc:84
- Jira
ISLANDORA-1535 Independent configuration for SPARQL Query endpointISLANDORA-1807 Travis 5.3.3 is not running codesnifferISLANDORA-1873 Book Batch does not apply POLICY to pages
- Hardening Servers running Islandora Document Updates (signup?)
- Open Discussion
- Email from Catalyst IT to [email protected]
- Possibly reaching out to Danny or Melissa to do discuss a possible securityadvisory.rss feed
- Email from Catalyst IT to [email protected]
- Look into solutions
August 2, 2017
- Moving away from skype? No strong feelings.
- New stuff / show and tell? [NTR]
- Ticket ISLANDORA-1999
- Suggesting validate the user input fields
- Example: imagemagick.module: L91
- Suggestion: Block people from saving a path that is not a path to an executable file.
- When we validate, test if the file exists and if it’s executable - see imagemagick.module
- If the path doesn’t fly, then don’t save that path to the variable, but save the rest of the form. (leave whatever was there before).
- This means we can’t use drupal’s system_settings_form; we’ll have to craft our own submit handlers.
Next Chair: Don Notes Are open for everyone to participate.