From b56c19528e332381384639ed347d11508086c547 Mon Sep 17 00:00:00 2001 From: Aleisha Amohia Date: Tue, 5 Sep 2017 22:42:14 +0000 Subject: [PATCH] Bug 19258: Prevent warn when reversing a payment The following warn is triggered when I click the Reverse button next to an individual payment on the Account tab: CGI::param called in list context from package CGI::Compile::ROOT::home_vagrant_kohaclone_members_boraccount_2epl line 63, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436. To test: 1) Go to a members detail page in staff side, create a manual invoice, pay it 2) Go to the Account tab, click Reverse next to the payment you just made 3) Notice warns 4) Apply patch and repeat steps 1 & 2 5) Warns should be gone Sponsored-by: Catalyst IT Signed-off-by: Mark Tompsett Signed-off-by: Jonathan Druart Signed-off-by: Jonathan Druart --- members/boraccount.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/members/boraccount.pl b/members/boraccount.pl index 0cc9487f39..e7d769efaf 100755 --- a/members/boraccount.pl +++ b/members/boraccount.pl @@ -60,7 +60,7 @@ unless ( $patron ) { } if ( $action eq 'reverse' ) { - ReversePayment( $input->param('accountlines_id') ); + ReversePayment( scalar $input->param('accountlines_id') ); } if ( $patron->category->category_type eq 'C') { -- 2.39.5
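Review bot: In the `if ( $action eq 'reverse' )` branch, `accountlines_id` still goes from the request straight into `ReversePayment` with no check visible in this hunk that it is defined, numeric, or an account line belonging to `$patron`. `scalar` correctly removes the list-context hazard (a repeated `accountlines_id` parameter can no longer expand into extra arguments), but an absent parameter now reaches the call as undef. Consider reading it once into a variable, for example `my $accountlines_id = $input->param('accountlines_id');`, validating it, and only then calling `ReversePayment( $accountlines_id )`. That also keeps the scalar context in the assignment rather than at the call site. Since the commit message describes this as triggered by clicking Reverse, it is worth confirming outside this hunk that the state-changing action is protected by the CSRF token check, and that no other `$input->param(...)` calls in `members/boraccount.pl` are made in list context.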