Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Resolve this warning:
CGI::param called in list context from package C4::Service line 212, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.
It comes from the require_params call in sco-patron-image.pl.
Git grepping on require_params tells me this:
members/default_messageprefs.pl:my ($categorycode) = C4::Service->require_params('categorycode');
opac/sco/sco-patron-image.pl:my ($borrowernumber) = C4::Service->require_params('borrowernumber');
opac/sco/sco-patron-image.pl:my ($csrf_token) = C4::Service->require_params('csrf_token');
svc/cataloguing/metasearch:my ( $query_string, $servers ) = C4::Service->require_params( 'q', 'servers' );
The only candidate for multi_param seems to be 'servers', but as we can see
this variable is a scalar. Additional servers returned by require_params are
lost. This should be solved on its own report.
So, we can safely add scalar to the params call, resolve the warning and
keep the same behavior.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
* Extends login screen to pass along #hash
* Adds JSONP support to C4::Service
* Extends humanmsg to allow per-message classes
* Adds proper charset to results of svc/bib
Test plan:
1. C4/Auth.pm and .../intranet/.../auth.tt: verify that login/usage
works as expected, despite the change to pass on the fragment (...#blah)
from the URL.
2. C4/Service.pm and humanmsg.js: verify that editing system
preferences (the main user of these modules) works correctly despite
updates.
3. svc/bib: verify that records can be correctly downloaded with the
change of character set. This can be done in a Firebug/Chrome Devtools
console by running `$.get('/cgi-bin/koha/svc/bib/1')` and inspecting the
results (possibly replacing 1 with a different valid biblionumber).
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
http://bugs.koha-community.org/show_bug.cgi?id=9987
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This adds two new C4 modules, C4::Service and ::Output::JSONStream, and
makes important modifications to C4::Output. The first two are a basic
framework for JSON-based AJAX services and a simple JSON output wrapper,
respectively. C4::Output has been slightly refactored, with a new
function, output_with_http_headers, that supports different
content-types. output_html_with_http_headers still exists, and the three
pages affected by this change have been refactored to support it.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>