Main Koha release repository https://koha-community.org
Jonathan Druart 94dde6b48d Bug 15809: Redefine multi_param is CGI < 4.08 is used
On Debian Jessie, the CGI version is >= 4.08.
Since this version, the param method raises a warning,
"CGI::param called in list context".
Indeed, it can cause a vulnerability if called in list context.

https://metacpan.org/pod/CGI#Fetching-the-value-or-values-of-a-single-named-parameter
http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/

There is a long journey to get rid of these warnings.
First, I suggest redefining the multi_param method when the CGI version
installed is < 4.08; it will allow us to move the wrong ->param calls to
->multi_param without waiting for everybody to upgrade.

The different ways to call these 2 methods are:

my $foo = $cgi->param('foo'); # OK

my @foo = $cgi->param('foo'); # NOK, will raise the warning
my @foo = $cgi->multi_param('foo'); #OK

$template->param( foo => $cgi->param('foo') ); # NOK, will raise the warning
                                               # and vulnerable
$template->param( foo => scalar $cgi->param('foo') ); # OK

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested a call to multi_param with CGI < 4.08.
With reference to the comments on Bugzilla, this workaround is arguable,
but provides a base to move to multi_param. If we come up with a better
solution, it should be easy to adjust.

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-03-22 23:23:39 +00:00
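The mechanism behind the commit message above, as an added example (it is not Koha's code and not part of the commit): the same parameter sent several times expands, in list context, into extra hash keys that the client controls; forcing scalar context keeps the keys fixed by the code, and multi_param is the explicit way to ask for every value. The multi_param fallback installed at the top is an assumption about how such a polyfill can be written (param() evaluated in list context), not the commit's actual implementation; the query string and the sub names are constructed for the demonstration.

```perl
#!/usr/bin/perl
# Added example (not Koha's code): CGI::param in list context versus scalar
# context, plus a multi_param fallback for CGI versions older than 4.08.
use strict;
use warnings;
use CGI;

# Assumed fallback for CGI < 4.08: multi_param is simply param() evaluated
# in list context. On CGI >= 4.08 the real method is used instead.
unless ( CGI->can('multi_param') ) {
    no strict 'refs';
    *{'CGI::multi_param'} = sub {
        my ( $self, @args ) = @_;
        return $self->param(@args);
    };
}

# Constructed request: the parameter 'foo' is sent three times.
my $cgi = CGI->new('foo=bar&foo=injected&foo=1');

# NOK: param() is called in list context, so it expands to
# ('bar', 'injected', '1') and the hash becomes
# ( name => 'bar', injected => '1' ). The request has added a key the
# code never intended to expose; CGI >= 4.08 also warns here.
sub build_vars_unsafe {
    my ($q) = @_;
    my %vars = ( name => $q->param('foo') );
    return \%vars;
}

# OK: scalar context yields only the first value, so the hash keys are
# decided by the code, not by the request.
sub build_vars_safe {
    my ($q) = @_;
    my %vars = ( name => scalar $q->param('foo') );
    return \%vars;
}

# OK: when every value is genuinely wanted, ask for them explicitly.
sub all_values {
    my ($q) = @_;
    return [ $q->multi_param('foo') ];
}

for my $case ( [ unsafe => build_vars_unsafe($cgi) ],
               [ safe   => build_vars_safe($cgi) ] ) {
    my ( $label, $vars ) = @$case;
    printf "%-7s %s\n", "$label:",
        join( ', ', map { "$_=$vars->{$_}" } sort keys %$vars );
}
printf "multi_param: %s\n", join ', ', @{ all_values($cgi) };
```

Run with any CGI.pm: the unsafe hash ends up with both a `name` and an `injected` key, the safe hash has only `name`, and multi_param lists all three values. On CGI >= 4.08 the unsafe call additionally emits the "called in list context" warning on STDERR, which is the signal the commit sets out to clean up.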
acqui Bug 16089: Acquisitions -> Invoice broken by Bug 15084 2016-03-21 16:05:50 +00:00
admin Bug 15962: Block the currency deletion if used 2016-03-21 22:56:11 +00:00
api/v1 Bug 13799: Add types for patron's fields in Swagger spec 2015-11-04 13:47:33 -03:00
authorities Bug 5404: C4::Koha - remove subfield_is_koha_internal_p 2016-03-07 17:30:09 +00:00
basket Bug 14306: Show URL from MARC21 field 555$u under Title Notes/Descriptions 2016-03-07 17:58:32 +00:00
C4 Bug 15809: Redefine multi_param is CGI < 4.08 is used 2016-03-22 23:23:39 +00:00
catalogue Bug 15629 [QA Followup] 2016-02-24 03:55:07 +00:00
cataloguing Bug 5404: Move the test to a new IsMarcStructureInternal sub 2016-03-07 17:30:09 +00:00
circ Bug 15997 - Hold Ratios for ordered items doesn't count orders where AcqCreateItem is set to 'receiving' 2016-03-21 22:55:10 +00:00
course_reserves
debian Bug 11998: Clear L1 cache from psgi files 2016-03-15 07:08:30 +00:00
docs Bug 7143: Adding releases and fixing some missing tabs 2016-01-06 16:03:30 -07:00
errors Bug 15288: Error pages: Code duplication removal and better translatability 2016-01-27 05:57:34 +00:00
etc Bug 15694: Add aliases for date/time last modified 2016-03-11 21:56:50 +00:00
install_misc Bug 13642 - Remove MARC::Crosswalk::DublinCore from Koha 2016-01-27 06:23:08 +00:00
installer DBREV for Bug 16019 - Remove unused blue.css 2016-03-22 01:03:03 +00:00
Koha Bug 15585 - Move C4::Passwordrecovery to the new namespace Koha::Patron::Password::Reset 2016-03-22 23:08:21 +00:00
koha-tmpl Bug 15421: Show 'Duplicate' and 'Schedule' on Reports toolbar 2016-03-22 01:46:36 +00:00
labels Bug 5404: C4::Koha - remove subfield_is_koha_internal_p 2016-03-07 17:30:09 +00:00
members Bug 15163: Do not erase patron attributes if limited to another library 2016-03-21 16:56:37 +00:00
misc Bug 16106 Correct loose to lose in comment 2016-03-22 01:47:53 +00:00
offline_circ Bug 15764: Fix timestamp sent by KOCT 2016-02-23 20:53:18 +00:00
opac Bug 15585 - Move C4::Passwordrecovery to the new namespace Koha::Patron::Password::Reset 2016-03-22 23:08:21 +00:00
OpenILS
patron_lists
patroncards Bug 16077 - Remove unused script and template card-print 2016-03-22 00:43:06 +00:00
plugins Bug 14951: Remove C4::Dates from plugins/*.pl files 2015-10-06 10:29:42 -03:00
reports Bug 5404: C4::Koha - remove subfield_is_koha_internal_p 2016-03-07 17:30:09 +00:00
reserve Bug 15548: Move new patron related code to Patron* 2016-03-03 14:38:26 -07:00
reviews
rotating_collections Bug 15066: Make transfer rotating collection works under Plack 2015-11-05 09:50:09 -03:00
selenium
serials Bug 14641: [SIGNED-OFF] Warns in subscription-add.pl 2016-01-27 04:31:27 +00:00
services
skel
sms Bug 15258: Fix Perl scripts declaring unused variables 2015-12-30 17:24:45 -07:00
suggestion Bug 15084: Replace C4::Budgets::GetCurrencies with Koha::Acquisition::Currencies->search 2016-03-03 20:39:01 +00:00
svc Bug 11998: Use Koha::Cache to cache sysprefs 2016-03-15 07:08:28 +00:00
t Bug 15585: Remove "shift on reference is experimental" warning 2016-03-22 23:08:21 +00:00
tags Bug 14589: Adjust authorities_merge_ajax and replace some indirect syntax 2015-11-02 12:49:13 -03:00
test Bug 9819 - 'stopwords'-related code removed 2015-12-30 15:49:35 +00:00
tmp/modified_authorities
tools Bug 15840: Catch errors if userid already exists when importing patrons 2016-03-21 21:24:00 +00:00
virtualshelves Bug 14306: Remove call to GetMarcNotes from sendshelf 2016-03-07 17:58:33 +00:00
xt Bug 13632: (QA followup) remove xt/permissions.t 2015-10-19 12:42:59 -03:00
.editorconfig
.htaccess
.mailmap
about.pl Bug 15548: Move new patron related code to Patron* 2016-03-03 14:38:26 -07:00
changelanguage.pl
edithelp.pl Bug 14813: Fix encoding issues on editing help pages 2015-09-16 10:42:15 -03:00
fix-perl-path.PL
help.pl Bug 14812: Display the help in the correct language 2015-10-02 15:06:08 -03:00
INSTALL
install-CPAN.pl
INSTALL.debian
INSTALL.fedora7 Bug 13642 - Remove MARC::Crosswalk::DublinCore from Koha 2016-01-27 06:23:08 +00:00
INSTALL.opensuse
INSTALL.ubuntu
Koha.pm DBREV for Bug 16019 - Remove unused blue.css 2016-03-22 01:03:03 +00:00
koha_perl_deps.pl
kohaversion.pl
LICENSE
mainpage.pl Bug 15548: Move new patron related code to Patron* 2016-03-03 14:38:26 -07:00
Makefile.PL Bug 12549: (QA followup) missing newline in CLI dialog 2016-02-24 01:06:13 +00:00
MANIFEST.SKIP
README
README.md Bug 15465 [QA Followup] - Update wording, switch logo, add links 2016-02-24 04:02:26 +00:00
README.robots
rewrite-config.PL Bug 12549: Hard coded font Paths ( DejaVu ) cause problems for non-Debian systems 2016-02-24 01:06:13 +00:00

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: This is a synced mirror of the official Koha repo.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker; to report a bug or submit a patch, visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/
