Koha/svc
Marcel de Rooy bfbbe52ff7 Bug 21115: Add multi_param call and add divider in cache key in svc/report and opac counterpart
Resolve things like:
CGI::param called in list context from package CGI::Compile::ROOT::usr_share_koha_prodclone_opac_svc_report line 42, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.

The cache key in both scripts looks like:
    opac:report:id:602018
but should for consistency be:
    opac:report:id:60:2018
Note: The 2018 here is part of the sql_params and should not be
concatenated to the report id.

Test plan:
Do not yet apply this patch.
Make a report public, set cache to 300 secs.
Check its output with opac/svc/report.
Check for the warn in your log.
Apply the patch, restart Plack and flush cache.
Check opac/svc/report.
Modify your report; e.g. add a simple string to the SELECT.
Check opac/svc/report. You should still see cached output.
Flush the cache.
Check opac/svc/report. You should now see the added text.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested also by clearing individual keys with $cache->clear_from_cache.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-15 13:45:42 +00:00
cataloguing
club Bug 12461 - Add patron clubs feature 2017-04-28 08:37:44 -04:00
config Bug 20016: use Modern::Perl in svc scripts 2018-02-05 09:46:45 -03:00
hold
letters Bug 17981: (QA follow-up) Fix and update pod in svc/letters/get 2018-04-12 10:51:50 -03:00
members Bug 18403: Update permissions - borrowers => 1|* becomes borrowers => 'edit_borrowers' 2018-02-12 15:41:37 -03:00
records Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
virtualshelves Bug 16476: Do not call CGI->param in list context, some more 2016-05-16 17:11:46 +00:00
article_request Bug 14610 - Add and update scripts 2016-10-26 12:15:14 +00:00
authentication
barcode Bug 20676: svc/barcode should allow barcode to be printed without text 2018-06-22 16:34:53 +00:00
bib Bug 16424: Make the svc/bib service keep the existing framework code 2018-09-28 19:01:50 +00:00
bib_framework Bug 16424: (QA follow-up) Use Modern::Perl 2018-09-28 19:01:51 +00:00
bib_profile Bug 20016: use Modern::Perl in svc scripts 2018-02-05 09:46:45 -03:00
checkin Bug 21184: Replace C4::Items::GetBarcodeFromItemnumber calls 2018-08-31 10:15:23 +00:00
checkout_notes Bug 17698: Make patron notes show up on staff dashboard 2018-07-23 15:23:40 +00:00
checkouts Bug 19719: (follow-up) Show description instead of code 2018-08-22 13:22:18 +00:00
convert_report Bug 20495: Remove get_saved_report 2018-07-02 12:06:54 +00:00
cover_images Bug 11944: use CGI( -utf8 ) everywhere 2015-01-13 13:07:21 -03:00
holds Bug 20088: Fix uninitialized warning from svc/holds 2018-01-30 14:21:27 -03:00
import_bib Bug 20016: use Modern::Perl in svc scripts 2018-02-05 09:46:45 -03:00
localization Bug 15477: (follow-up) Bug 14100: Better errors handling 2016-01-12 16:13:41 +00:00
new_bib Bug 16424: Handle framework code properly also when adding a new record 2018-09-28 19:01:51 +00:00
renew
report Bug 21115: Add multi_param call and add divider in cache key in svc/report and opac counterpart 2018-10-15 13:45:42 +00:00