[Koha-bugs] [Bug 31492] New: Patron image upload fails on first attempt with CSRF failure

bugzilla-daemon at bugs.koha-community.org
Wed Aug 31 05:33:33 CEST 2022


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31492

            Bug ID: 31492
           Summary: Patron image upload fails on first attempt with CSRF
                    failure
 Change sponsored?: ---
           Product: Koha
           Version: 22.05
          Hardware: All
                OS: All
            Status: NEW
          Severity: minor
          Priority: P5 - low
         Component: Patrons
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: matthew.lindfield-seager at hope.edu.kh
        QA Contact: testopia at bugs.koha-community.org
                CC: gmcharlt at gmail.com, kyle.m.hall at gmail.com

After upgrading to 22.05.004 (and after manually installing
`libmojolicious-plugin-openapi-perl` to get patron search to work - as per
https://www.mail-archive.com/koha@lists.katipo.co.nz/msg28885.html) we are now
seeing an issue uploading patron images.

After logging in to Koha, the first attempt to upload an individual patron
image (from the patron show screen) fails with a CSRF error:

> The form submission failed (Wrong CSRF token). Try to come back, refresh the page, then try again.

Second and subsequent attempts succeed up until we log out and log back in
again. After that the first submission once again fails.

I tailed the logs to see if I could see any errors using `tail -f
/var/log/koha/library/*.log`. On one occasion I saw an error related to
`picture-upload.pl` in `/var/log/koha/library/intranet-error.log` but I can't
reproduce it.

In case it's relevant the error I saw once was:
> [Wed Aug 31 09:55:06.665314 2022] [cgi:error] [pid 288501] [client 136.228.129.94:64313] AH01215: Use of uninitialized value $cardnumber in concatenation (.) or string at /usr/share/koha/intranet/cgi-bin/tools/picture-upload.pl line 66.: /usr/share/koha/intranet/cgi-bin/tools/picture-upload.pl, referer: https://<library url>/cgi-bin/koha/circ/circulation.pl?borrowernumber=1790

The CSRF error in the client is reproducible in up-to-date versions of Chrome
on Windows and Safari on macOS so it doesn't seem to be browser or OS specific.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.

