[Koha-bugs] [Bug 28317] CGI::Session::Serialize::yaml needs either YAML::Syck or YAML

bugzilla-daemon at bugs.koha-community.org
Tue May 11 13:45:33 CEST 2021


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28317

--- Comment #8 from Joonas Kylmälä <joonas.kylmala at helsinki.fi> ---
(In reply to Jonathan Druart from comment #7)
> (In reply to Joonas Kylmälä from comment #5)
> > I tried to use čollčá as the library name and the default serializer and the
> > bug reported a decade ago doesn't happen anymore, so I think we could use
> > the default serializer. Just have to come up with an upgrade plan. At least
> > the sessions table needs to be emptied but do we have update scripts for
> > emptying memcached and temp files where the sessions might also be stored?
> 
> Why that?

Maybe it is not needed after all, I thought it would somehow try to parse all
the sessions and possibly break, e.g. maybe if a malicious user tries to use the
session id for the old YAML session could it break something or allow
unauthorized access?

Also now I found an encoding issue with the default serializer, if you use
branchname and branchcode "ÄÄÄ~ÄãÃ" it breaks and shows question marks in
intranet:


[WARN]    (in cleanup) CGI::Session::Driver::mysql::store(): DBI Exception:
DBD::mysql::db do failed: Incorrect string value: '\xC4\xC4\xC4~\xC4\xE3...'
for column `koha_kohadev`.`sessions`.`a_session` at row 1 [for Statement
"INSERT INTO sessions (id, a_session) VALUES(?, ?) ON DUPLICATE KEY UPDATE
a_session = ?"] at /usr/share/perl5/CGI/Session.pm line 251

This works with the YAML serializer.

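An added example, not part of the original message or of Koha's code: a diagnostic run over the DBI warning quoted above, showing that the bytes MySQL rejected are not valid UTF-8 but decode as Latin-1 to the start of the branch name that was entered. It assumes the `a_session` column uses a UTF-8 character set; the function names are hypothetical and the error line is copied from the warning.

```python
import re

# Sample input: the relevant part of the DBI warning quoted in the message.
ERROR_LINE = (r"DBD::mysql::db do failed: Incorrect string value: "
              r"'\xC4\xC4\xC4~\xC4\xE3...' for column "
              r"`koha_kohadev`.`sessions`.`a_session` at row 1")

VALUE_RE = re.compile(r"Incorrect string value: '(.*?)(?:\.\.\.)?' for column")
ESCAPE_RE = re.compile(r"\\x([0-9A-Fa-f]{2})")


def rejected_bytes(line):
    """Rebuild the raw bytes MySQL quoted in an 'Incorrect string value' error."""
    match = VALUE_RE.search(line)
    if match is None:
        raise ValueError("not an 'Incorrect string value' error")
    text, out, pos = match.group(1), bytearray(), 0
    for esc in ESCAPE_RE.finditer(text):
        out += text[pos:esc.start()].encode("utf-8")  # characters printed as-is
        out.append(int(esc.group(1), 16))             # one \xNN escape = one byte
        pos = esc.end()
    out += text[pos:].encode("utf-8")
    return bytes(out)


def diagnose(line):
    """Report whether the rejected value is valid UTF-8 and how it reads as Latin-1."""
    raw = rejected_bytes(line)
    try:
        raw.decode("utf-8")
        first_bad = None
    except UnicodeDecodeError as err:
        # The quoted value is truncated ("..."), so a failure on the very last
        # bytes could be a cut-off character; a failure at offset 0 cannot.
        first_bad = err.start
    as_latin1 = raw.decode("latin-1")  # every byte maps to a code point
    return {
        "bytes": raw,
        "valid_utf8": first_bad is None,
        "first_bad_offset": first_bad,
        "as_latin1": as_latin1,
        # What the driver would have had to send for the same text in UTF-8.
        "expected_utf8": as_latin1.encode("utf-8"),
    }


if __name__ == "__main__":
    for key, value in diagnose(ERROR_LINE).items():
        print(f"{key}: {value!r}")
```

A `first_bad_offset` of 0 together with a readable `as_latin1` value indicates the serialized session reached the database as single-byte Latin-1 rather than as UTF-8.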