From 700b7dfa09e38c074cebbbb5caac64e031d5c0d5 Mon Sep 17 00:00:00 2001
From: Aleisha Amohia
Date: Mon, 29 Apr 2019 03:14:35 +0000
Subject: [PATCH] Bug 7862: Preventing warns when creating a notice
To reproduce warns:
1) Go to Tools -> Notices & slips
2) Create a new notice of any module
Notice these warns:
Use of uninitialized value $code in regexp compilation at /home/vagrant/kohaclone/tools/letter.pl line 265.
Use of uninitialized value $code in regexp compilation at /home/vagrant/kohaclone/tools/letter.pl line 265.
Use of uninitialized value $code in regexp compilation at /home/vagrant/kohaclone/tools/letter.pl line 265.
CGI::param called in list context from package CGI::Compile::ROOT::home_vagrant_kohaclone_svc_letters_get line 50, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.
CGI::param called in list context from package CGI::Compile::ROOT::home_vagrant_kohaclone_svc_letters_get line 50, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.
3) Create a new notice of the Circulation module
Notice this additional warn:
Use of uninitialized value $code in pattern match (m//) at /home/vagrant/kohaclone/tools/letter.pl line 258.
To test:
4) Apply patch and refresh page
5) Run steps 1-3 again and confirm no warns show
Sponsored-by: Catalyst IT
Signed-off-by: Maryse Simard
Signed-off-by: Jonathan Druart
Signed-off-by: Nick Clemens
---
 svc/letters/get | 4 +++-
 tools/letter.pl | 11 +++++++----
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/svc/letters/get b/svc/letters/get
index 708de7425e..dabb8db10e 100755
--- a/svc/letters/get
+++ b/svc/letters/get
@@ -47,7 +47,9 @@ Used to get letters with a given letter code.
 our ( $query, $response ) = C4::Service->init( tools => 'edit_notices' );
 sub get_letters {
- my $letters = GetLetters({ code => $query->param('code'), branchcode => $query->param('branchcode') });
+ my $code = scalar $query->param('code');
+ my $branchcode = scalar $query->param('branchcode');
+ my $letters = GetLetters({ code => $code, branchcode => $branchcode });
 $response->param( letters => $letters );
 C4::Service->return_success( $response );
 }
diff --git a/tools/letter.pl b/tools/letter.pl
index 0cc0029394..f1a234bf40 100755
--- a/tools/letter.pl
+++ b/tools/letter.pl
@@ -255,14 +255,17 @@ sub add_form {
 push @{$field_selection}, add_fields('issues');
 }
- if ( $module eq 'circulation' and $code =~ /^AR_/ ) {
+ if ( $module eq 'circulation' and $code and $code =~ /^AR_/ ) {
 push @{$field_selection}, add_fields('article_requests');
 }
 }
- my $preview_is_available = grep {/^$code$/} qw(
- CHECKIN CHECKOUT HOLD_SLIP
- );
+ my $preview_is_available = 0;
+
+ if ($code) {
+ $preview_is_available = grep {/^$code$/} qw( CHECKIN CHECKOUT HOLD_SLIP );
+ }
+
 $template->param(
 module => $module,
 SQLfieldnames => $field_selection,
-- 
2.39.5
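Review bot: The two new `scalar` calls in `get_letters` have no comment saying why they are there, so a later tidy-up could fold them back into the hash constructor. In list context `CGI::param` returns every value of a repeated parameter, which inside `{ code => ..., branchcode => ... }` would shift the key/value pairs handed to `GetLetters`. I would add above the first assignment: `# Force scalar context: a repeated CGI parameter must not add extra key/value pairs to the GetLetters filter`. Both values can still be undef when a parameter is absent; how `GetLetters` treats an undef filter is not visible here.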
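Review bot: `$code` is still interpolated unescaped into the pattern in `grep {/^$code$/}`, so the new `if ($code)` guard only silences the undef warning. Regex metacharacters in the value are compiled as a pattern (an invalid one dies at run time), and `$` also accepts a trailing newline. Where `$code` is assigned is outside this hunk, but if it comes from the request this should be an exact comparison: `$preview_is_available = grep { $_ eq $code } qw( CHECKIN CHECKOUT HOLD_SLIP );`. The truthiness tests here and in the `AR_` condition also treat a code of `0` as absent; `defined $code` would state the intent more precisely. `add_form` starts and ends outside the hunk.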