[Koha-bugs] [Bug 34731] New: C4::Letters::SendQueuedMessages can be triggered with an undef message_id

Wed Sep 6 21:51:40 CEST 2023

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34731

            Bug ID: 34731
           Summary: C4::Letters::SendQueuedMessages can be triggered with
                    an undef message_id
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: critical
          Priority: P5 - low
         Component: Architecture, internals, and plumbing
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: kyle at bywatersolutions.com
        QA Contact: testopia at bugs.koha-community.org

I've discovered that sometimes C4::Letters::EnqueueLetter will return undef
instead of a valid message id. In Koha::Patron::set_password we call
C4::Letters::EnqueueLetter and assume a message_id exists which we pass to
C4::Letters::SendQueuedMessages. Because message_id is undef, we then *process
all pending messages*. This is very very bad considering libraries often have
very specific time frames they wish to send message ( especially sms and phone
). In addition, this bypasses the before_send_messages hook.

I have not been able to recreate on demand yet, but I think it is either random
or caused by calls to the /api/v1/patrons/<patron_id>/password rest api
endpoint.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.