Main Koha release repository
https://koha-community.org
Jonathan Druart
94dde6b48d
On Debian Jessie, the CGI version is >= 4.08.
Since this version, the param method raises a warning "CGI::param called in list context".
Indeed, it can cause a vulnerability if called in list context:
https://metacpan.org/pod/CGI#Fetching-the-value-or-values-of-a-single-named-parameter
http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/

There is a long journey to get rid of these warnings.
First I suggest redefining the multi_param method when the CGI version installed is < 4.08; it will allow us to move the wrong ->param calls to ->multi_param without waiting for everybody to upgrade.

The different ways to call these 2 methods are:

    my $foo = $cgi->param('foo');                          # OK
    my @foo = $cgi->param('foo');                          # NOK, will raise the warning
    my @foo = $cgi->multi_param('foo');                    # OK
    $template->param( foo => $cgi->param('foo') );         # NOK, will raise the warning
                                                           # and vulnerable
    $template->param( foo => scalar $cgi->param('foo') );  # OK

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested a call to multi_param with CGI < 4.08.
With reference to the comments on Bugzilla, this workaround is arguable, but provides a base to move to multi_param. If we come up with a better solution, it should be easy to adjust.

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
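The following is an added, stand-alone illustration of the problem the commit message describes; it is not code from the Koha commit itself. It installs a multi_param shim only when the loaded CGI.pm lacks one (the commit's idea; the shim body and the `render` helper are this example's own), then shows, with a constructed query string, how a repeated parameter flattens into extra hash keys when `param` is called in list context, and how the `scalar` and `multi_param` forms behave instead.

```perl
#!/usr/bin/env perl
# Added example, not part of the Koha commit. Demonstrates the CGI::param
# list-context hash-flattening issue and the two safe call forms.
use strict;
use warnings;
use CGI;

# Shim in the spirit of the commit: CGI.pm releases before 4.08 have no
# multi_param, so provide one that is explicitly list-context. It is only
# installed when the method is missing, so it never triggers the 4.08+ warning.
BEGIN {
    if ( !CGI->can('multi_param') ) {
        no strict 'refs';
        *{'CGI::multi_param'} = sub {
            my $self = shift;
            return $self->param(@_);    # pre-4.08 param: list context is silent
        };
    }
}

# Hypothetical stand-in for $template->param(): takes key => value pairs.
sub render {
    my %vars = @_;
    return \%vars;
}

# Constructed request: the same parameter supplied three times.
my $q = CGI->new('name=alice&name=is_admin&name=1');

# NOK: in list context param() returns ('alice', 'is_admin', '1'), so the
# argument list becomes (name => 'alice', is_admin => 1, role => 'guest').
# The request has minted a key the code never intended to set. On CGI >= 4.08
# this line also emits "CGI::param called in list context".
my $unsafe = render( name => $q->param('name'), role => 'guest' );
print "unsafe keys: ", join( ', ', sort keys %$unsafe ), "\n";

# OK: scalar context yields only the first value; extra values are discarded.
my $safe = render( name => scalar $q->param('name'), role => 'guest' );
print "safe keys:   ", join( ', ', sort keys %$safe ), "\n";

# OK: when a list really is wanted, ask for it explicitly.
my @all = $q->multi_param('name');
print "multi_param: ", join( ', ', @all ), "\n";
```

Run as-is with any CGI.pm; on a pre-4.08 release the shim supplies `multi_param`, on 4.08 or later the built-in one is used. The point to carry into a review of `->param` calls is that the danger is the call site, not the warning: every `->param` passed into a hash-style argument list needs either `scalar` or an intentional `multi_param`, and merely silencing the warning (CGI.pm exposes `$CGI::LIST_CONTEXT_WARN` for that) leaves the flattening in place.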
Koha is a free software integrated library system (ILS).
Koha is distributed under the GNU GPL version 3 or later.
Note: This is a synced mirror of the official Koha repo.
Note: Koha does not accept pull requests from git hosting sites.
Note: This project has its own bug tracker; to report a bug or submit a patch, visit http://bugs.koha-comminity.org.
For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch
The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook