Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/opac
History
Marcel de Rooy bfbbe52ff7 Bug 21115: Add multi_param call and add divider in cache key in svc/report and opac counterpart 
Resolve things like:
CGI::param called in list context from package CGI::Compile::ROOT::usr_share_koha_prodclone_opac_svc_report line 42, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.

The cache key in both script looks like:
    opac:report:id:602018
but should for consistency be:
    opac:report:id:60:2018
Note: The 2018 here is part of the sql_params and should not be
concatenated to the report id.

Test plan:
Do not yet apply this patch.
Make a report public, set cache to 300 secs.
Check its output with opac/svc/report.
Check for the warn in your log.
Apply the patch, restart Plack and flush cache.
Check opac/svc/report.
Modify your report; e.g. add a simple string to the SELECT.
Check opac/svc/report. You should still see cached output.
Flush the cache.
Check opac/svc/report. You should now see the added text.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested also by clearing individual keys with $cache->clear_from_cache.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-15 13:45:42 +00:00
..
clubs Bug 12461 - Add patron clubs feature 2017-04-28 08:37:44 -04:00
errors Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
external/overdrive bug_16034 Koha::ExternalContent::OverDrive - a wrapper around WebService::ILS::Overdrive::Patron 2017-02-21 19:58:20 +00:00
rss
sci Bug 15492: (QA followup) Make page refresh work correctly 2018-03-26 17:31:19 -03:00
sco Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
svc Bug 21115: Add multi_param call and add divider in cache key in svc/report and opac counterpart 2018-10-15 13:45:42 +00:00
ilsdi.pl Bug 13990: ILS-DI LookupPatron requires ID Type 2018-01-30 14:18:21 -03:00
maintenance.pl Bug 17989: Include full path logic in _get_template_file 2017-11-01 13:10:17 -03:00
oai.pl
opac-account-pay-paypal-return.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-account-pay-return.pl Bug 19173: Make OPAC online payments pluggable 2017-09-19 14:15:52 -03:00
opac-account-pay.pl Bug 19173: Make OPAC online payments pluggable 2017-09-19 14:15:52 -03:00
opac-account.pl Bug 21137: Replace BORROWER_INFO with logged_in_user 2018-08-14 12:43:12 +00:00
opac-addbybiblionumber.pl Bug 18262: Koha::Biblio - Remove GetBiblioData - part 1 2017-07-14 12:22:23 -03:00
opac-alert-subscribe.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-article-request-cancel.pl
opac-authorities-home.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-authoritiesdetail.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-basket.pl Bug 19708: Improve code for printing the cart in OPAC 2018-03-26 17:31:16 -03:00
opac-blocked.pl
opac-browser.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-changelanguage.pl Bug 18946 [QA Followup] - code cleanup 2017-09-01 13:02:26 -03:00
opac-course-details.pl
opac-course-reserves.pl
opac-detail.pl Bug 17530: (QA follow-up) Move may_article_request to ItemType 2018-09-07 13:16:08 +00:00
opac-discharge.pl Bug 20953: Prevent several discharge requests on OPAC 2018-07-13 10:34:28 +00:00
opac-downloadcart.pl Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
opac-downloadshelf.pl Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
opac-export.pl Bug 20097: Use same regex in marc2dcxml and opac-export 2018-03-19 12:23:19 -03:00
opac-ics.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-idref.pl Bug 19640: fix OPAC IdRef webservice display 2017-12-07 09:37:09 -03:00
opac-illrequests.pl Bug 20548: Remove copyright clearance for staff 2018-10-09 15:02:46 +00:00
opac-image.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-imageviewer.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-ISBDdetail.pl Bug 17530: (QA follow-up) Move may_article_request to ItemType 2018-09-07 13:16:08 +00:00
opac-issue-note.pl Bug 17698: Make patron notes show up on staff dashboard 2018-07-23 15:23:40 +00:00
opac-main.pl Bug 19892: Replace numbersphr variable with Koha.Preference('OPACNumbersPreferPhrase') in OPAC 2018-04-02 18:08:07 -03:00
opac-MARCdetail.pl Bug 17530: (QA follow-up) Move may_article_request to ItemType 2018-09-07 13:16:08 +00:00
opac-memberentry.pl Bug 20819: Add consent to self-registration process 2018-09-20 13:45:26 +00:00
opac-messaging.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-modrequest-suspend.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-modrequest.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-mymessages.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-news-rss.pl
opac-overdrive-search.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-passwd.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-password-recovery.pl Bug 20023: (QA follow-up) Tiny simplification 2018-09-26 16:03:14 +00:00
opac-patron-consent.pl Bug 20819: Add your consents tab to opac-user 2018-09-20 13:45:26 +00:00
opac-patron-image.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-privacy.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-ratings-ajax.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-ratings.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-readingrecord.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-recordedbooks-search.pl Bug 17602: Fix few minor QA issues 2018-10-01 13:56:56 +00:00
opac-registration-verify.pl Bug 20819: Add consent to self-registration process 2018-09-20 13:45:26 +00:00
opac-renew.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-request-article.pl
opac-reserve.pl Bug 7534: (QA follow-up) Use Koha.Preference template plugin to fetch the pref's value 2018-09-14 17:20:21 +00:00
opac-restrictedpage.pl
opac-retrieve-file.pl
opac-review.pl Bug 19843: (bug 15839 follow-up) Set reviews.datereviewed when the review is made 2017-12-21 11:07:51 -03:00
opac-routing-lists.pl Bug 21137: Replace BORROWER_INFO with logged_in_user 2018-08-14 12:43:12 +00:00
opac-search-history.pl Bug 12497: Fix OPAC search history reachable by URL even when disabled 2017-12-07 10:09:52 -03:00
opac-search.pl Bug 17602: OPAC integration of RecordedBooks 2018-10-01 13:56:39 +00:00
opac-sendbasket.pl Bug 18975: Retrieve up-to-date CGISESSID when just logged in 2018-02-18 14:47:42 -03:00
opac-sendshelf.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-serial-issues.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-shareshelf.pl Bug 20687: (follow-up) Look for invitekey in show_accept and fix error codes 2018-05-07 11:55:13 -03:00
opac-shelves.pl Bug 19039: (follow-up) Results of virtual shelves (lists) not sortable by date 2018-08-24 16:23:27 +00:00
opac-showmarc.pl Bug 20083: (follow-up) use same logic in opac-showmarc 2018-04-04 15:45:34 -03:00
opac-showreviews.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-suggestions.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-tags.pl Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
opac-tags_subject.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-topissues.pl Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00
opac-user.pl Bug 17602: OPAC integration of RecordedBooks 2018-10-01 13:56:39 +00:00
tracklinks.pl Bug 21018: Allow uris defined in the item 2018-08-08 13:06:19 +00:00
unapi Bug 19991: use Modern::Perl in OPAC perl scripts 2018-08-30 13:40:32 +00:00