Bug 31001: Fix "CGI::param called in list context" warning in basket.pl
CGI param basketno should be explicitly scalar,
or else error log gets flooded with this warning:
AH01215: CGI::param called in list context from
/home/vagrant/kohaclone/acqui/basket.pl line 175, this can lead to
vulnerabilities. See the warning in "Fetching the value or values of a
single named parameter" at /usr/share/perl5/CGI.pm line 412.
This patch fixes it by working with it in a scalar context.
The functionality still remains the same but warning doesn't flood
error log.
To reproduce:
1. Head over to the acquisitions page.
2. Pick existing vendor with email contact info or create a new one.
3. Create a new basket or use existing one, and if it doesn't have
any orders, add a new order to it.
4. Use the "E-mail order" button to send order.
5. Check the error log and find the upper mentioned warning.
(Note: if you're going to test this more than once, you might need
to restart your Plack in order for this warning to get added to your
log file again, reasons of that is that the authors of CGI.pm decided
to "warn only once")
6. Apply the patch.
7. Use the "E-mail order" button again, ensure that the same warning
doesn't get added to the log file again.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit
096fd4acfa360e450e9d6a1a37a96f7eb8d848c8)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit
718841a758b996b6e5499bd5b473369362d7422b)
Signed-off-by: Arthur Suzuki <arthur.suzuki@biblibre.com>
projects / koha.git / commit