Main Koha release repository
https://koha-community.org
096fd4acfa
CGI param basketno should be explicitly scalar, or else error log gets flooded with this warning: AH01215: CGI::param called in list context from /home/vagrant/kohaclone/acqui/basket.pl line 175, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 412. This patch fixes it by working with it in a scalar context. The functionality still remains the same but warning doesn't flood error log. To reproduce: 1. Head over to the acquisitions page. 2. Pick existing vendor with email contact info or create a new one. 3. Create a new basket or use existing one, and if it doesn't have any orders, add a new order to it. 4. Use the "E-mail order" button to send order. 5. Check the error log and find the upper mentioned warning. (Note: if you're going to test this more than once, you might need to restart your Plack in order for this warning to get added to your log file again, reasons of that is that the authors of CGI.pm decided to "warn only once") 6. Apply the patch. 7. Use the "E-mail order" button again, ensure that the same warning doesn't get added to the log file again. Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> |
||
|---|---|---|
| acqui | ||
| admin | ||
| api | ||
| authorities | ||
| basket | ||
| bin | ||
| C4 | ||
| catalogue | ||
| cataloguing | ||
| circ | ||
| clubs | ||
| course_reserves | ||
| debian | ||
| docs | ||
| errors | ||
| etc | ||
| ill | ||
| installer | ||
| Koha | ||
| koha-tmpl | ||
| labels | ||
| lib/CGI/Session/Serialize | ||
| members | ||
| misc | ||
| offline_circ | ||
| opac | ||
| patron_lists | ||
| patroncards | ||
| plugins | ||
| pos | ||
| recalls | ||
| reports | ||
| reserve | ||
| reviews | ||
| rotating_collections | ||
| serials | ||
| services | ||
| skel | ||
| suggestion | ||
| svc | ||
| t | ||
| tags | ||
| tmp/modified_authorities | ||
| tools | ||
| virtualshelves | ||
| xt | ||
| .editorconfig | ||
| .eslintrc.json | ||
| .gitignore | ||
| .htaccess | ||
| .mailmap | ||
| .perlcriticrc | ||
| .proverc.dist | ||
| .scss-lint.yml | ||
| about.pl | ||
| app.psgi | ||
| changelanguage.pl | ||
| cpanfile | ||
| fix-perl-path.PL | ||
| gulpfile.js | ||
| help.pl | ||
| INSTALL | ||
| Koha.pm | ||
| koha_perl_deps.pl | ||
| kohaversion.pl | ||
| LICENSE | ||
| mainpage.pl | ||
| Makefile.PL | ||
| MANIFEST.SKIP | ||
| package.json | ||
| README | ||
| README.md | ||
| README.robots | ||
| rewrite-config.PL | ||
| yarn.lock | ||
Koha is a free software integrated library system (ILS).
Koha is distributed under the GNU GPL version 3 or later.
Note: Koha does not accept pull requests from git hosting sites.
Note: This project has its own bug tracker, to report a bug or submit a patch visit http://bugs.koha-community.org.
For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch
The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook
