git.koha-community.org Git - koha.git/commit

author	Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
	Mon, 1 May 2017 12:15:58 +0000 (14:15 +0200)
committer	Katrin Fischer <katrin.fischer.83@web.de>
	Sat, 13 May 2017 12:48:01 +0000 (14:48 +0200)
commit	ca0f6e5bfdb85d071166c07c5b06fc1afd6c927d
tree	a719bcaa8dec72d7dbc5fd044fa36c0210f6fdbe	tree \| snapshot
parent	93aea8afe56851e0660634f3e15f015edd5b9439	commit \| diff

Bug 7550: [QA Follow-up] Resolve param warning from sco-patron-image

Resolve this warning:
  CGI::param called in list context from package C4::Service line 212, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.

It comes from the require_params call in sco-patron-image.pl.

Git grepping on require_params tells me this:
  members/default_messageprefs.pl:my ($categorycode) = C4::Service->require_params('categorycode');
  opac/sco/sco-patron-image.pl:my ($borrowernumber) = C4::Service->require_params('borrowernumber');
  opac/sco/sco-patron-image.pl:my ($csrf_token) = C4::Service->require_params('csrf_token');
  svc/cataloguing/metasearch:my ( $query_string, $servers ) = C4::Service->require_params( 'q', 'servers' );

The only candidate for multi_param seems to be 'servers', but as we can see
this variable is a scalar. Additional servers returned by require_params are
lost. This should be solved on its own report.
So, we can safely add scalar to the params call, resolve the warning and
keep the same behavior.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit e96f39ab522512fe828940e93ba3737d5f25a16f)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>