]> git.koha-community.org Git - koha.git/commit
Bug 17830: CSRF - Handle unicode characters in userid
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Thu, 29 Dec 2016 16:54:40 +0000 (17:54 +0100)
committerKatrin Fischer <katrin.fischer.83@web.de>
Wed, 4 Jan 2017 22:01:53 +0000 (23:01 +0100)
commit9a22ae4fc5dfe3be8bdb5f5de2ef5a0377709c1a
tree4d7a13f827109c478ac22020d0e9cea4ae683be4
parent9e6108965aff24d4d59496b6f5137e241e5e7e3e
Bug 17830: CSRF - Handle unicode characters in userid

If the userid of the logged in user contains unicode characters, the token
will not be generated correctly and Koha will crash with:
  Wide character in subroutine entry at /usr/share/perl5/Digest/HMAC.pm line 63.

Test plan:
- Edit a superlibrarian user and set his/her userid to '❤' or any other strings
with unicode characters.
- Login using this patron
- Search for patrons and click on a result.

=> Without this patch, you will get a software error (with "Wide
character in subroutine entry" in the logs).
=> With this patch, everything will go fine

You can also test the other files modified by this patch.

Signed-off-by: Karam Qubsi <karamqubsi@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 4e40339db3209c913c79b935067e139b470255cc)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
basket/sendbasket.pl
members/deletemem.pl
members/member-password.pl
members/memberentry.pl
members/moremember.pl
opac/opac-memberentry.pl
opac/opac-sendbasket.pl
tools/import_borrowers.pl
tools/picture-upload.pl