From 48003a890b2948a6c0616ad45ea5a220748b8aa2 Mon Sep 17 00:00:00 2001 From: David Cook Date: Fri, 9 Jun 2023 03:59:28 +0000 Subject: [PATCH] Bug 33967: Fix SetEnv middleware to preserve $env integrity This patch fixes the Koha::Middleware::SetEnv, so that it preserves the referential integrity of the $env hash reference as it passes through the pre-process and post-process stages of middleware wrapped around the core Koha Plack application. Test plan: 0a. Apply the patch 0b. vi /etc/koha/sites/kohadev/koha-conf.xml 0c. Uncomment "koha_trusted_proxies" 0d. Add "172.0.0.0/8" to the end of the "koha_trusted_proxies" 0e. koha-plack --restart kohadev 1. vi /etc/apache2/sites-enabled/kohadev.conf 2. Add the following to the OPAC virtualhost: SetEnv OVERRIDE_SYSPREF_LibraryName "The Best, Truly the Best, Koha Library" RequestHeader add X-Koha-SetEnv "OVERRIDE_SYSPREF_LibraryName The Best\, Truly the Best\, Koha Library" RequestHeader add X-Forwarded-For "192.168.100.100" 3. service apache2 restart 4. tail -f /var/log/koha/kohadev/plack.log 5. Go to http://localhost:8080/ 6. Note that the plack.log lists 192.168.100.100 as the client IP address 7. Note that the title of the OPAC webpage is "The Best, Truly the Best, Koha Library Library catalog" Signed-off-by: David Nind Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 42823da209bbef2148eb4245c1bdfe215bf899ee) Signed-off-by: Martin Renvoize (cherry picked from commit b139047381b7ff61478155b301fbd69caffc1ddc) Signed-off-by: Matt Blenkinsop --- Koha/Middleware/SetEnv.pm | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/Koha/Middleware/SetEnv.pm b/Koha/Middleware/SetEnv.pm index 27c91b6b05..b0e42d0935 100644 --- a/Koha/Middleware/SetEnv.pm +++ b/Koha/Middleware/SetEnv.pm @@ -96,11 +96,12 @@ sub call { } } @setenv_headers; - # Finally, everything is shoved into the $env. - $env = { - %$env, - %setenvs - }; + #Add the environmental variables to the $env hashref which travels between middlewares + #NOTE: It's very important that this $env keeps the same reference address so that + #all middlewares act correctly + foreach my $key ( keys %setenvs ) { + $env->{$key} = $setenvs{$key}; + } return $self->app->($env); } -- 2.39.5