[Koha-bugs] [Bug 7550] Self checkout: limit display of patron image to logged-in patron
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon May 1 14:29:25 CEST 2017
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7550
--- Comment #28 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
Created attachment 62913
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62913&action=edit
Bug 7550: [QA Follow-up] Resolve param warning from sco-patron-image
Resolve this warning:
CGI::param called in list context from package C4::Service line 212, this can
lead to vulnerabilities. See the warning in "Fetching the value or values of a
single named parameter" at /usr/share/perl5/CGI.pm line 436.
It comes from the require_params call in sco-patron-image.pl.
Git grepping on require_params tells me this:
members/default_messageprefs.pl:my ($categorycode) =
C4::Service->require_params('categorycode');
opac/sco/sco-patron-image.pl:my ($borrowernumber) =
C4::Service->require_params('borrowernumber');
opac/sco/sco-patron-image.pl:my ($csrf_token) =
C4::Service->require_params('csrf_token');
svc/cataloguing/metasearch:my ( $query_string, $servers ) =
C4::Service->require_params( 'q', 'servers' );
The only candidate for multi_param seems to be 'servers', but as we can see
this variable is a scalar. Additional servers returned by require_params are
lost. This should be solved on its own report.
So, we can safely add scalar to the params call, resolve the warning and
keep the same behavior.
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list