From 5abb08859152c7af509a4c719d2b2ee2f2bf20fd Mon Sep 17 00:00:00 2001 From: Marcel de Rooy Date: Thu, 18 Jan 2018 15:40:15 +0100 Subject: [PATCH] Bug 20031: CGI param in list context warn in guided_reports.pl Resolve warn: CGI::param called in list context from package CGI::Compile::ROOT::usr_share_koha_shadowclone_reports_guided_reports_2epl line 794, this can lead to vulnerabilities. [NOTE: line number from older Koha version.] Test plan: Looking at this change should convince you already. Another look at this routine in C4/Output.pm would be bonus. Signed-off-by: Marcel de Rooy Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens --- reports/guided_reports.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reports/guided_reports.pl b/reports/guided_reports.pl index 31269880f1..67d28c97cc 100755 --- a/reports/guided_reports.pl +++ b/reports/guided_reports.pl @@ -813,7 +813,7 @@ elsif ($phase eq 'Run this report'){ 'name' => $name, 'notes' => $notes, 'errors' => defined($errors) ? [ $errors ] : undef, - 'pagination_bar' => pagination_bar($url, $totpages, $input->param('page')), + 'pagination_bar' => pagination_bar($url, $totpages, scalar $input->param('page')), 'unlimited_total' => $total, 'sql_params' => \@sql_params, ); -- 2.39.5