git.koha-community.org Git - koha.git/commit
Bug 17720: CSRF - Handle unicode characters
author: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Mon, 5 Dec 2016 08:17:21 +0000 (08:17 +0000)
committer: Katrin Fischer <katrin.fischer.83@web.de>
Mon, 5 Dec 2016 20:18:13 +0000 (21:18 +0100)
commit: 0d94f259840ee8023513a0b060a0a9cb631da661
tree: f044d4e7c76b65f3d2d3d1a77aa312b3165b5662
parent: 2289c1caed83a5f0ffc1f685cb36669274d2bbb4

From the pod of Digest::MD5:
"""
Since the MD5 algorithm is only defined for strings of bytes, it can not
be used on strings that contains chars with ordinal number above 255
(Unicode strings). The MD5 functions and methods will croak if you try
to feed them such input data.
What you can do is calculate the MD5 checksum of the UTF-8
representation of such strings.
"""

Test plan:
- Set a MySQL/MariaDB password with unicode characters:
  UPDATE user SET password=PASSWORD('❤') WHERE USER='koha_kohadev';
  FLUSH PRIVILEGES
- Update your $KOHA_CONF file
- Restart Memcached
- Hit the files modified by this patch

=> Without this patch, you will get a software error (with "Wide
character in subroutine entry" in the logs).
=> With this patch, everything will go fine

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Edit: removed debugging leftover

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
basket/sendbasket.pl
members/deletemem.pl
members/member-password.pl
members/memberentry.pl
members/moremember.pl
opac/opac-memberentry.pl
opac/opac-sendbasket.pl
tools/import_borrowers.pl
tools/picture-upload.pl
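
The failure and the fix described in the commit message, as an added Perl example that is not the patch's own code; the helper names and sample passwords are constructed for illustration. It also covers a case the message does not mention: characters in the 128-255 range do not croak, but their digest differs once the string is encoded to UTF-8.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_base64);
use Encode qw(encode);

# Hypothetical helper: digest the character string directly.
# Digest::MD5 croaks when any character has an ordinal above 255.
sub secret_from_chars {
    my ($pass) = @_;
    return md5_base64($pass);
}

# Hypothetical helper: digest the UTF-8 byte representation, as the
# Digest::MD5 documentation quoted above recommends.
sub secret_from_utf8 {
    my ($pass) = @_;
    return md5_base64( encode( 'UTF-8', $pass ) );
}

# Constructed sample passwords (not taken from any real configuration).
my @samples = (
    [ 'ascii',  'kohadev'   ],    # every character below 128
    [ 'latin1', "caf\x{e9}" ],    # U+00E9, still fits in one byte
    [ 'wide',   "\x{2764}"  ],    # U+2764, the heart from the test plan
);

for my $sample (@samples) {
    my ( $label, $pass ) = @$sample;

    my $before = eval { secret_from_chars($pass) };
    my $error  = $@;
    my $after  = secret_from_utf8($pass);

    if ( !defined $before ) {
        # Reached for 'wide': the croak named in the commit message.
        $error =~ s/ at .*//s;    # drop the file/line suffix
        print "$label: before croaks ($error), after=$after\n";
    }
    else {
        my $same = $before eq $after ? 'same digest' : 'digest changes';
        print "$label: before=$before after=$after ($same)\n";
    }
}
```

The `latin1` row is the one to watch when rolling out an encoding change like this: a secret derived from such a password is different before and after the encoding step, so values computed from the old digest no longer match.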