[Koha-bugs] [Bug 28489] New: CGI::Session is incorrectly serialized to DB in production env / when strict_sql_modes = 0

bugzilla-daemon at bugs.koha-community.org
Mon May 31 10:15:31 CEST 2021


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28489

            Bug ID: 28489
           Summary: CGI::Session is incorrectly serialized to DB in
                    production env / when strict_sql_modes = 0
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: critical
          Priority: P5 - low
         Component: Authentication
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: joonas.kylmala at helsinki.fi
        QA Contact: testopia at bugs.koha-community.org
                CC: dcook at prosentient.com.au, dpavlin at rot13.org,
                    jonathan.druart+koha at gmail.com,
                    julian.maurice at biblibre.com
        Depends on: 28317

The changes introduced in bug 28317 regarding CGI::Session serialization work
OK with koha-testing-docker, where the KOHA_TESTING env and the "strict_sql_modes"
koha-conf.xml config are set to True. However, according to our documentation,
strict_sql_modes should not be used in a production environment. If it is
disabled, then the CGI::Session serialization encoding breaks.

To reproduce:

1) Set strict_sql_modes = 1 in koha-conf.xml (depending on your test
environment variables you might also just wanna uncomment the relevant code in
Koha/Database.pm)
2) Create a branch with the display name "Testä" and switch to that branch in
the intranet.
3) Go to some page in the intranet and notice the branch is displayed incorrectly
in the menu

Alternatively, this can cause major trouble if, for example, a branchcode contains
non-ASCII letters, e.g. Ä. Then, for example, on returns.pl we get the following
error (and I think lots of other things break as well):

> Broken FK constraint at /usr/share/perl5/Exception/Class/Base.pm line 88


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28317
[Bug 28317] Remove CGI::Session::Serialize::yaml dependency by using the
default serializer