Jonathan Druart
df23f6c345
The userenv (logged in user's info) are stored in
$C4::Context->context->{activeuser}, which persists in plack worker's
memory.
It's really bad in theory as we are not cleaning it before or after the
HTTP request, but only when set_userenv is called (what we are doing
commonly in C4::Auth::get_template_and_user).
If C4::Context->userenv is called before set_userenv we should get undef,
not the userenv from the previous request!
In practice this should not be a problem, but well... who really knows?
This patch suggests to have a middleware to deal with removing the
userenv at the beginning of each request (maybe it should be after, right? - FIXME).
To test:
1 - Edit /etc/koha/sites/kohadev/koha-conf.xml to set <plack_workers>1</plack_workers>
2 - Edit about.pl and add a line after: CGI->new:
warn Data::Dumper::Dumper( C4::Cointext->userenv() );
3 - tail -f /var/log/koha/kohadev/*.log
4 - View about.pl in staff interface, should get a "somethign's wrong" warning
5 - Reload, you get current user info
6 - Open an incognito tab, sign in as a different user and click some stuff
7 - Reload about.pl in other window
8 - You get the opac user info
9 - Apply patch
10 - Edit /etc/koha/sites/kohadev/plack.psgi and add the middleware after "RealIP":
enable "+Koha::Middleware::UserEnv";
11 - Restart all
12 - Reload about.pl - you get a "Something's wrong" warning
13 - Click things in opac on incognito window
14 - Reload about.pl - only "Something's wrong" - you no longer see any user info
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
|
||
|---|---|---|
| .. | ||
| docs | ||
| scripts | ||
| source | ||
| templates | ||
| bd-to-depends | ||
| build-git-snapshot | ||
| changelog | ||
| clean | ||
| compat | ||
| control | ||
| control.in | ||
| copyright | ||
| koha-common.bash-completion | ||
| koha-common.config | ||
| koha-common.cron.d | ||
| koha-common.cron.daily | ||
| koha-common.cron.hourly | ||
| koha-common.cron.monthly | ||
| koha-common.default | ||
| koha-common.dirs | ||
| koha-common.docs | ||
| koha-common.init | ||
| koha-common.install | ||
| koha-common.links | ||
| koha-common.logrotate | ||
| koha-common.postinst | ||
| koha-common.preinst | ||
| koha-common.README.Debian | ||
| koha-common.service | ||
| koha-common.templates | ||
| koha-core.bash-completion | ||
| koha-core.config | ||
| koha-core.default | ||
| koha-core.dirs | ||
| koha-core.docs | ||
| koha-core.init | ||
| koha-core.install | ||
| koha-core.links | ||
| koha-core.logrotate | ||
| koha-core.postinst | ||
| koha-core.preinst | ||
| koha-core.templates | ||
| koha-full.postinst | ||
| koha-post-install-setup | ||
| koha.apache-ports | ||
| koha.config | ||
| koha.dirs | ||
| koha.install | ||
| koha.postinst | ||
| koha.postrm | ||
| koha.prerm | ||
| koha.README.Debian | ||
| list-deps | ||
| README.build | ||
| rules | ||
| unavailable.html | ||
| update-control | ||
In order to build .deb packages, following debian packages need to be present (installed): devscripts pbuilder dh-make fakeroot As root (or sudo) execute: pbuilder create Executing build-git-snapshot without any arguments will leave package and the rest in some pbuilder dir, eg. /var/cache/pbuilder/result It is highly recommended that --buildresult option is used.