David Cook
e6a1d65c9a
This change stops the cookie from being sent back from error pages, so that backcalls that cause errors don't overwrite the existing cookie used by the foreground request page. Test plan: 0. Apply the patch and koha-plack --reload kohadev 1. Set syspref IntranetFavicon to http://localhost:8081/cgi-bin/koha/bad.jpg 2. Open browser developer tools 3. Go to http://localhost:8081/cgi-bin/koha/mainpage.pl 4. Open the Network tab, disable the cache, and shift refresh 5. Notice that bad.jpg fails to load with a 404 6. Try to login to Koha 7. Confirm login works *. Extra points if you note that the cookie returned by the first mainpage.pl request is used for the bad.jpg lookup and the second mainpage.pl request. Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
48 lines
1.5 KiB
Perl
Executable file
#!/usr/bin/perl
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use CGI qw ( -utf8 );
use C4::Auth qw( get_template_and_user );
use C4::Output qw( output_with_http_headers );
use C4::Context;
use List::MoreUtils qw( any );
my $query = CGI->new;
my $admin = C4::Context->preference('KohaAdminEmailAddress');
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
{
template_name => 'errors/errorpage.tt',
query => $query,
type => 'intranet',
authnotrequired => 1,
}
);
$template->param (
admin => $admin,
errno => 403,
csrf_error => $ENV{'plack.middleware.Koha.CSRF'},
);
my $status = '403 Forbidden';
if ( C4::Context->is_internal_PSGI_request() ) {
$status = '200 OK';
}
#NOTE: We're not setting/updating the cookie here
$cookie = '';
output_with_http_headers $query, $cookie, $template->output, 'html', $status;
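Review bot: `$cookie = '';` before the final output_with_http_headers call relies on that helper treating an empty string as "send no cookie" rather than emitting a Set-Cookie header with an empty value, which would itself clobber the browser's session cookie; that contract is not visible in this file, so it is worth confirming against C4::Output (or passing whatever value the helper explicitly checks for). The `#NOTE:` comment says what is done but not why, and the why is the whole point of the change; suggest `# NOTE: Deliberately return no cookie: this page can be reached by sub-requests (e.g. a broken IntranetFavicon URL) and a fresh cookie here would replace the session cookie of the foreground request.` Separately, get_template_and_user is still called with `authnotrequired => 1` before the cookie is dropped, so any anonymous session it creates server-side presumably still exists even though the browser never receives it — harmless for login, but worth knowing if session-store growth from repeated error hits matters.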