Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Main Koha release repository https://koha-community.org
45602 commits 35 branches 612 tags 1.8 GiB
Perl 45.3%
JavaScript 39.4%
HTML 7.2%
XSLT 3.9%
Vue 1.4%
Other 2.3%
Find a file
Petro Vashchuk 718841a758 Bug 31001: Fix "CGI::param called in list context" warning in basket.pl 
CGI param basketno should be explicitly scalar,
or else error log gets flooded with this warning:

AH01215: CGI::param called in list context from
/home/vagrant/kohaclone/acqui/basket.pl line 175, this can lead to
vulnerabilities. See the warning in "Fetching the value or values of a
single named parameter" at /usr/share/perl5/CGI.pm line 412.

This patch fixes it by working with it in a scalar context.
The functionality still remains the same but warning doesn't flood
error log.

To reproduce:
1. Head over to the acquisitions page.
2. Pick existing vendor with email contact info or create a new one.
3. Create a new basket or use existing one, and if it doesn't have
any orders, add a new order to it.
4. Use the "E-mail order" button to send order.
5. Check the error log and find the upper mentioned warning.
(Note: if you're going to test this more than once, you might need
to restart your Plack in order for this warning to get added to your
log file again, reasons of that is that the authors of CGI.pm decided
to "warn only once")
6. Apply the patch.
7. Use the "E-mail order" button again, ensure that the same warning
doesn't get added to the log file again.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 096fd4acfa)

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2022-08-12 15:47:32 +00:00
acqui Bug 31001: Fix "CGI::param called in list context" warning in basket.pl 2022-08-12 15:47:32 +00:00
admin Bug 30848: Add an ExpandCodedFields RecordProcessor filter 2022-07-29 17:15:30 +00:00
api Bug 30903: Fix POST /quote 2022-08-12 15:39:33 +00:00
authorities Bug 29260: 210a is reported to Autor (meeting/conference) when upgrading an authority through Z3950 2022-07-12 15:32:30 +00:00
basket Bug 29871: Remove marcflavour param in Koha::Biblio->get_marc_notes 2022-07-12 15:54:27 +00:00
bin Bug 20582: Turn Koha into a Mojolicious application 2020-10-06 12:00:04 +02:00
C4 Bug 30327: Fix tests 2022-07-29 16:33:21 +00:00
catalogue Bug 30976: Display biblio's cover images first 2022-08-12 15:43:47 +00:00
cataloguing Bug 31179: Don't copy invisible subfields when duplicating items 2022-08-12 14:29:34 +00:00
circ Bug 30409: barcodedecode() should always trim barcode 2022-07-13 19:44:18 +00:00
clubs Bug 29859: Use iterator instead of as_list 2022-02-09 15:36:23 -10:00
course_reserves Bug 30409: barcodedecode() should always trim barcode 2022-07-13 19:44:18 +00:00
debian Bug 25622: Use special chars in DB password (koha-create) 2022-08-09 22:05:25 +00:00
docs Bug 30808: Add the 22.05 release team. 2022-05-25 23:56:12 -10:00
errors Bug 29420: HTTP status code incorrect when calling error pages directly under Plack/PSGI 2022-04-20 09:03:39 -10:00
etc Bug 29936: Add holds_get_captured option to sip config 2022-05-05 11:17:37 -10:00
ill Bug 29844: Fix ->search occurrences 2022-02-09 15:36:23 -10:00
installer Bug 24010: DBRev 22.05.03.004 2022-08-12 15:17:26 +00:00
Koha Bug 24010: Schema changes 2022-08-12 15:35:47 +00:00
koha-tmpl Bug 30903: (follow-up) Fix error message class 2022-08-12 15:40:07 +00:00
labels Bug 29821: Add interface for generating barcodes using svc/barcode 2022-04-08 15:49:17 +02:00
lib/CGI/Session/Serialize Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
members Bug 30807: Migrate to patron-title in pay and paycollect 2022-07-12 19:16:23 +00:00
misc Bug 30889: (follow-up) Record and use context in background_jobs 2022-07-29 17:05:26 +00:00
offline_circ Bug 30525: Items batch modification broken 2022-04-21 13:41:36 -10:00
opac Bug 30918: Allow passing filtered record to get_marc_notes 2022-07-29 17:19:15 +00:00
patron_lists Bug 16446: Add ability to add patrons to list by borrowernumber 2021-10-21 12:24:04 +02:00
patroncards Bug 24001: Fix patron card template edition 2022-04-28 10:49:20 -10:00
plugins Bug 29787: Add plugin version to plugin search results 2022-04-08 15:49:15 +02:00
pos Bug 28481: (RM follow-up) formatting 2021-12-16 12:13:51 -10:00
recalls Bug 30924: Add missing branchtransfers.reason value for recall cancellation 2022-07-13 19:13:33 +00:00
reports Bug 30551: Make cash register report take branchcode from cash register 2022-05-06 10:33:10 -10:00
reserve Bug 30960: Fix JS error message when no pick-up location is selected when placing a hold 2022-06-24 15:51:57 +00:00
reviews Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
rotating_collections Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
serials Bug 23352: Set default collection code when creating subscription 2022-05-10 15:17:17 -10:00
services Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
skel Bug 11078: Add locking to rebuild_zebra 2014-02-28 22:21:41 +00:00
suggestion Bug 30127: By default show pending suggestions tab 2022-05-10 23:09:09 -10:00
svc Bug 30924: Add missing branchtransfers.reason value for recall cancellation 2022-07-13 19:13:33 +00:00
t Bug 31106: Unit tests 2022-08-12 14:39:03 +00:00
tags Bug 29469: (bug 17600 follow-up) Fix tag approval/rejection from staff 2021-11-16 15:49:22 +01:00
tmp/modified_authorities
tools Bug 22659: (follow-up) Add category to redirect 2022-07-29 16:06:44 +00:00
virtualshelves Bug 26346: Add option to make public lists editable by all staff 2022-04-12 17:13:02 +02:00
xt Bug 27619: (QA follow-up) Remove xt/sample_notices.t 2022-05-11 11:28:48 +01:00
.editorconfig Bug 27375: Set YAML file settings in .editorconfig 2021-11-03 15:40:52 +01:00
.eslintrc.json Bug 23834: Add default ESLint configuration 2019-11-03 08:02:39 +00:00
.gitignore Bug 20427: Convert OPAC LESS to SCSS 2018-08-09 15:17:07 +00:00
.htaccess
.mailmap 22.05.00: Update mailmap 2022-05-25 23:56:12 -10:00
.perlcriticrc Bug 25898: Prohibit indirect object notation 2020-10-15 12:56:30 +02:00
.proverc.dist Bug 19821: Install sample data, ES mappings and Version syspref 2021-10-25 11:27:40 +02:00
.scss-lint.yml Bug 21237: Clean up staff client SCSS 2018-08-24 16:23:25 +00:00
about.pl Bug 28998: (follow-up) Add warning on about for missing key 2022-05-04 05:18:31 -10:00
app.psgi Bug 20582: Fix PSGI file when behind a reverse proxy 2020-10-06 12:00:04 +02:00
changelanguage.pl Bug 25898: Prohibit indirect object notation 2020-10-15 12:56:30 +02:00
cpanfile Bug 25669: (follow-up) Minor fixes 2022-07-29 15:28:00 +00:00
fix-perl-path.PL Bug 28606: Remove $DEBUG and $ENV{DEBUG} 2021-06-24 11:53:44 +02:00
gulpfile.js Bug 30373: Enable translation of UNIMARC frameworks 2022-04-21 13:41:35 -10:00
help.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
INSTALL Bug 26617: Update INSTALL file to include koha-testing-docker and Gitlab links 2020-10-15 12:56:30 +02:00
Koha.pm Bug 24010: DBRev 22.05.03.004 2022-08-12 15:17:26 +00:00
koha_perl_deps.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
kohaversion.pl Bug 26384: Fix executable flags 2020-09-11 09:56:56 +02:00
LICENSE
mainpage.pl Bug 29020: Add link on the mainpage for users without admin access 2021-10-19 09:29:09 +02:00
Makefile.PL Bug 19532: Database and installer stuff 2022-03-14 22:45:50 -10:00
MANIFEST.SKIP Bug 9546 : Updating make manifest tardist 2013-02-06 23:54:46 -05:00
package.json Bug 27939: Update yarn.lock file 2021-03-16 12:04:06 +01:00
README Bug 9440 - update Koha's LICENSE file from GPL2 to GPL3 2013-02-12 08:52:10 -05:00
README.md Bug 27092: Remove note about "synced repo" from README.md 2020-11-25 16:31:58 +01:00
README.robots Bug 6411 add another example to README.robots 2011-07-05 14:48:05 +12:00
rewrite-config.PL Bug 28519: Put CGI::Session::Serialize::yamlxs in lib directory 2021-06-17 10:07:36 +02:00
yarn.lock Bug 27939: Update yarn.lock file 2021-03-16 12:04:06 +01:00

README.md

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker, to report a bug or submit a patch visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/

Koha Logo