Koha/opac/svc
Marcel de Rooy bfbbe52ff7 Bug 21115: Add multi_param call and add divider in cache key in svc/report and opac counterpart
Resolve things like:
CGI::param called in list context from package CGI::Compile::ROOT::usr_share_koha_prodclone_opac_svc_report line 42, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.

The cache key in both script looks like:
    opac:report:id:602018
but should for consistency be:
    opac:report:id:60:2018
Note: The 2018 here is part of the sql_params and should not be
concatenated to the report id.

Test plan:
Do not yet apply this patch.
Make a report public, set cache to 300 secs.
Check its output with opac/svc/report.
Check for the warn in your log.
Apply the patch, restart Plack and flush cache.
Check opac/svc/report.
Modify your report; e.g. add a simple string to the SELECT.
Check opac/svc/report. You should still see cached output.
Flush the cache.
Check opac/svc/report. You should now see the added text.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested also by clearing individual keys with $cache->clear_from_cache.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-15 13:45:42 +00:00
..
auth Bug 20287: Replace occurrences of AddMember with Koha::Patron->new->store->borrowernumber 2018-07-18 15:49:47 +00:00
club Bug 12461 - Add patron clubs feature 2017-04-28 08:37:44 -04:00
patron Bug 9303 [QA Followup] - Restore missing svc script 2015-12-31 13:09:49 +00:00
checkout_notes Bug 17698: Make patron notes show up on staff dashboard 2018-07-23 15:23:40 +00:00
overdrive Bug 21082: (RM follow-up) address QA issues 2018-10-09 11:04:24 +00:00
overdrive_proxy Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
recordedbooks Bug 17602: OPAC integration of RecordedBooks 2018-10-01 13:56:39 +00:00
report Bug 21115: Add multi_param call and add divider in cache key in svc/report and opac counterpart 2018-10-15 13:45:42 +00:00
shelfbrowser.pl
suggestion Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00