[Koha-bugs] [Bug 27849] Koha::Token may access undefined C4::Context->userenv
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Jul 18 14:46:42 CEST 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27849
Paul Derscheid <paul.derscheid at lmscloud.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #117744|0 |1
is obsolete| |
--- Comment #3 from Paul Derscheid <paul.derscheid at lmscloud.de> ---
Created attachment 137802
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=137802&action=edit
Bug 27849: Koha::Token may access undefined C4::Context->userenv
The _add_default_csrf_params internal function accesses
C4::Context->userenv without checking that it has been defined. I think
not all of the potential callers of it declare that they require a
defined userenv, so we should test and provide defaults for required
values if it is not defined, to avoid some "Can't use an undefined value
as a HASH reference" HTTP 500 Internal Server Errors.
To test:
Do anything that requires a form with CSRF token, such as editing your
details. Behaviour should be unchanged. To test the failure case, you
would need some customised code that indirectly generates a CSRF token
before setting the userenv up and I am not sure there is any in released
Koha yet.
Signed-off-by: Paul Derscheid <paul.derscheid at lmscloud.de>
Looks good to me. Working as expected.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list