[Koha-bugs] [Bug 28489] New: CGI::Session is incorrectly serialized to DB in production env / when strict_sql_modes = 0
bugzilla-daemon at bugs.koha-community.org
Mon May 31 10:15:31 CEST 2021
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28489
Bug ID: 28489
Summary: CGI::Session is incorrectly serialized to DB in
production env / when strict_sql_modes = 0
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: critical
Priority: P5 - low
Component: Authentication
Assignee: koha-bugs at lists.koha-community.org
Reporter: joonas.kylmala at helsinki.fi
QA Contact: testopia at bugs.koha-community.org
CC: dcook at prosentient.com.au, dpavlin at rot13.org,
jonathan.druart+koha at gmail.com,
julian.maurice at biblibre.com
Depends on: 28317
The changes introduced in bug 28317 regarding CGI::Session serialization work
OK with koha-testing-docker where KOHA_TESTING env and "strict_sql_modes"
koha-conf.xml config is set to True. However, according to our documentation
strict_sql_modes should not be used in a production environment. If it is
disabled then the CGI::Session serialization encoding breaks.
To reproduce:
1) Set strict_sql_modes = 1 in koha-conf.xml (depending on your test
environment variables you might also just wanna uncomment the relevant code in
Koha/Database.pm)
2) Create a branch with a display name "Testä" and switch to that branch in
the intranet.
3) Go to some page in the intranet and notice the branch is displayed incorrectly
in the menu
Alternatively this can cause major trouble if for example a branchcode contains
non-ASCII letters, e.g. Ä. Then for example on returns.pl we get the following
error (and I think lots of other things break as well):
> Broken FK constraint at /usr/share/perl5/Exception/Class/Base.pm line 88
Referenced Bugs:
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28317
[Bug 28317] Remove CGI::Session::Serialize::yaml dependency by using the
default serializer