From b17f7ec7c1c838a2aad84012ae4ee3de5e1b34ed Mon Sep 17 00:00:00 2001 From: Aleisha Amohia Date: Tue, 5 Sep 2017 22:42:14 +0000 Subject: [PATCH] Bug 19258: Prevent warn when reversing a payment The following warn is triggered when I click the Reverse button next to an individual payment on the Account tab: CGI::param called in list context from package CGI::Compile::ROOT::home_vagrant_kohaclone_members_boraccount_2epl line 63, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436. To test: 1) Go to a members detail page in staff side, create a manual invoice, pay it 2) Go to the Account tab, click Reverse next to the payment you just made 3) Notice warns 4) Apply patch and repeat steps 1 & 2 5) Warns should be gone Sponsored-by: Catalyst IT Signed-off-by: Mark Tompsett Signed-off-by: Jonathan Druart Signed-off-by: Jonathan Druart (cherry picked from commit b56c19528e332381384639ed347d11508086c547) Signed-off-by: Fridolin Somers
---
 members/boraccount.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/members/boraccount.pl b/members/boraccount.pl
index 4f8ddf04b0..1447335c5b 100755
--- a/members/boraccount.pl
+++ b/members/boraccount.pl
@@ -57,7 +57,7 @@ my $action = $input->param('action') || '';
 my $data=GetMember('borrowernumber' => $borrowernumber);
 if ( $action eq 'reverse' ) {
- ReversePayment( $input->param('accountlines_id') );
+ ReversePayment( scalar $input->param('accountlines_id') );
 }
 if ( $data->{'category_type'} eq 'C') {
-- 
2.39.5
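Review bot: The value passed to `ReversePayment` is still unchecked after `scalar` pins it to a single argument: it is `undef` when `accountlines_id` is missing from the request, and nothing in the hunk confirms it is an identifier or that the account line belongs to `$borrowernumber`. I would read it into a variable first, `my $accountlines_id = $input->param('accountlines_id');`, and guard the branch with `if ( $action eq 'reverse' && defined $accountlines_id && $accountlines_id =~ /\A\d+\z/ ) {`, assuming the id is numeric, which the hunk does not show. The reversal is also a state change selected by the `action` request parameter, and no CSRF token check is visible in these lines. The script continues above and below the hunk, so a token or ownership check may already exist there or inside `ReversePayment`; worth confirming before relying on it.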