https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20804 Bug ID: 20804 Summary: Sanitize input of timeout syspref Change sponsored?: --- Product: Koha Version: 17.11 Hardware: All OS: All Status: NEW Severity: minor Priority: P5 - low Component: System Administration Assignee: koha-bugs@lists.koha-community.org Reporter: pablo.bianchi@gmail.com QA Contact: testopia@bugs.koha-community.org CC: gmcharlt@gmail.com I naively change timeout syspref from default "1d" to "2h". I get logout immediatly, and after login again, at the first clic I was logged out again, with any user, even with koha_instance. plack-error.log Use of uninitialized value $lasttime in numeric lt (<) at /usr/share/koha/lib/C4/Auth.pm line 1425. Argument "2h" isn't numeric in subtraction (-) at /usr/share/koha/lib/C4/Auth.pm line 1425. Argument "2h" isn't numeric in subtraction (-) at /usr/share/koha/lib/C4/Auth.pm line 862. I was back again with via sql update (value='1d') and flushing memcached. I suggest: - Don't been possible to input an invalid input on timeout (well, on any, but for the moment on this one). m/^[0-9]*[dD]?$/ - This syspref (maybe others also) shouldn't apply to koha_instance user (God shouldn't be able to microwave a burrito so hot he himself couldn't eat it). Would be great 30m and 2h for minutes and hours, but that should be other bug. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.