[Koha-bugs] [Bug 31492] New: Patron image upload fails on first attempt with CSRF failure
bugzilla-daemon at bugs.koha-community.org
Wed Aug 31 05:33:33 CEST 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31492
Bug ID: 31492
Summary: Patron image upload fails on first attempt with CSRF failure
Change sponsored?: ---
Product: Koha
Version: 22.05
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5 - low
Component: Patrons
Assignee: koha-bugs at lists.koha-community.org
Reporter: matthew.lindfield-seager at hope.edu.kh
QA Contact: testopia at bugs.koha-community.org
CC: gmcharlt at gmail.com, kyle.m.hall at gmail.com
After upgrading to 22.05.004 (and after manually installing
`libmojolicious-plugin-openapi-perl` to get patron search to work - as per
https://www.mail-archive.com/koha@lists.katipo.co.nz/msg28885.html) we are now
seeing an issue uploading patron images.

After logging in to Koha, the first attempt to upload an individual patron
image (from the patron show screen) fails with a CSRF error:

> The form submission failed (Wrong CSRF token). Try to come back, refresh the page, then try again.

Second and subsequent attempts succeed up until we log out and log back in
again. After that the first submission once again fails.

I tailed the logs to see if I could see any errors using
`tail -f /var/log/koha/library/*.log`. On one occasion I saw an error related to
`picture_upload.pl` in `/var/log/koha/library/intranet-error.log` but I can't
reproduce it.

In case it's relevant the error I saw once was:

> [Wed Aug 31 09:55:06.665314 2022] [cgi:error] [pid 288501] [client 136.228.129.94:64313] AH01215: Use of uninitialized value $cardnumber in concatenation (.) or string at /usr/share/koha/intranet/cgi-bin/tools/picture-upload.pl line 66.: /usr/share/koha/intranet/cgi-bin/tools/picture-upload.pl, referer: https://<library url>/cgi-bin/koha/circ/circulation.pl?borrowernumber=1790

The CSRF error in the client is reproducible in up-to-date versions of Chrome
on Windows and Safari on macOS so it doesn't seem to be browser or OS specific.