[Koha-bugs] [Bug 30997] "CGI::param called in list context" warning in detail.pl flooding error log

Tue Jun 21 10:55:48 CEST 2022

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30997

--- Comment #5 from Andrew Nugged <nugged at gmail.com> ---
sidenote to David:

authors of CGI.pm decided to "warn only once" that's why Plack restart helps:
it starts from again "$LIST_CONTEXT_WARN == 1".

from CGI.pm source in sub param:

        if ( wantarray && $LIST_CONTEXT_WARN == 1 ) {
                my ( $package, $filename, $line ) = caller;
                if ( $package ne 'CGI' ) {
                        $LIST_CONTEXT_WARN++; # only warn once
                        warn "CGI::param called in list context from $filename
line $line, this can lead to vulnerabilities. "
                                . 'See the warning in "Fetching the value or
values of a single named parameter"';
                }
        }

Petro: Maybe the commit explanation might be expanded with the note "on freshly
started plack because this wards suppressed later by CGI.pm"

-- 
You are receiving this mail because:
You are watching all bug changes.