[Koha-bugs] [Bug 35278] CGI::param called in list context from /usr/share/koha/admin/columns_settings.pl line 76
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Nov 7 22:55:04 CET 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35278
David Nind <david at davidnind.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |david at davidnind.com
--- Comment #4 from David Nind <david at davidnind.com> ---
Testing notes (using KTD)
1.Before applying the patch, ran through the URLs and noted area accessed and
any warnings in the /var/log/koha/kohadev/plack-intranet-error.log log file.
1.1 http://127.0.0.1:8081/cgi-bin/koha/admin/columns_settings.pl - No error in
the log file (as expected).
1.2
http://127.0.0.1:8081/cgi-bin/koha/admin/columns_settings.pl?module=acqui&page=basket
- Scrolls down to Page: basket (as expected). Error in the log file:
1 [2023/11/07 21:16:58] [WARN] CGI::param called in list context from
/kohadevbox/koha/admin/columns_settings.pl line 76, this can lead to
vulnerabilities. See the warning in "Fetching the value or values of a single
named parameter" at /usr/share/perl5/CGI.pm line 414.
1.3
http://127.0.0.1:8081/cgi-bin/koha/admin/columns_settings.pl?module=acqui&page=basket&table=orders
- Scrolls down to Table id: orders (as expected). Error in the log file:
2 [2023/11/07 21:20:33] [WARN] CGI::param called in list context from
/kohadevbox/koha/admin/columns_settings.pl line 76, this can lead to
vulnerabilities. See the warning in "Fetching the value or values of a single
named parameter" at /usr/share/perl5/CGI.pm line 414.
1.4
http://127.0.0.1:8081/cgi-bin/koha/admin/columns_settings.pl?module=acqui&module=admin
- Acquisition area expanded showing: "There is no page using the table
configuration in this module.". Warnings in the log file:
3 [2023/11/07 21:27:19] [WARN] Problem = a value of table has been passed to
param without key at /kohadevbox/koha/C4/Templates.pm line 143.
4 [2023/11/07 21:27:19] [WARN] Problem = a value of modules has been passed
to param without key at /kohadevbox/koha/C4/Templates.pm line 143.
1.5
http://127.0.0.1:8081/cgi-bin/koha/admin/columns_settings.pl?module=acqui&module=admin&page=basket&table=orders
- Acquisition area expanded showing: "There is no page using the table
configuration in this module.". No additional warnings added to the log file.
1.6
http://127.0.0.1:8081/cgi-bin/koha/admin/columns_settings.pl?module=admin&module=acqui&page=basket&table=orders
- Administration area expanded showing: "There is no page using the table
configuration in this module.". No additional warnings added to the logfile.
2. Applied patch, flush_memcached, restart_all, fresh browser.
2.1 http://127.0.0.1:8081/cgi-bin/koha/admin/columns_settings.pl - No error in
the log file (as expected).
2.2
http://127.0.0.1:8081/cgi-bin/koha/admin/columns_settings.pl?module=acqui&page=basket
- Scrolls down to Page: basket (as expected). No error in the log file.
(Results as expected.)
2.3
http://127.0.0.1:8081/cgi-bin/koha/admin/columns_settings.pl?module=acqui&page=basket&table=orders
- Scrolls down to Table id: orders. No error in the log file. (Results as
expected.)
2.4
http://127.0.0.1:8081/cgi-bin/koha/admin/columns_settings.pl?module=acqui&module=admin
- Acquisition area expanded. No error in the log file. (Results as expected.)
2.5
http://127.0.0.1:8081/cgi-bin/koha/admin/columns_settings.pl?module=acqui&module=admin&page=basket&table=orders
- Acquisition area expanded at Table id: orders. No error in the log file.
(Results as expected.)
2.6
http://127.0.0.1:8081/cgi-bin/koha/admin/columns_settings.pl?module=admin&module=acqui&page=basket&table=orders
- Administration area expanded, at the top. No error in the log file. (Results
as expected.)
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list