https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31492 Bug ID: 31492 Summary: Patron image upload fails on first attempt with CSRF failure Change sponsored?: --- Product: Koha Version: 22.05 Hardware: All OS: All Status: NEW Severity: minor Priority: P5 - low Component: Patrons Assignee: koha-bugs@lists.koha-community.org Reporter: matthew.lindfield-seager@hope.edu.kh QA Contact: testopia@bugs.koha-community.org CC: gmcharlt@gmail.com, kyle.m.hall@gmail.com After upgrading to 22.05.004 (and after manually installing `libmojolicious-plugin-openapi-perl` to get patron search to work - as per https://www.mail-archive.com/koha@lists.katipo.co.nz/msg28885.html) we are now seeing an issue uploading patron images. After logging in to Koha, the first attempt to upload an individual patron image (from the patron show screen) fails with a CSRF error:
The form submission failed (Wrong CSRF token). Try to come back, refresh the page, then try again.
Second and subsequent attempts succeed up until we log out and log back in again. After that the first submission once again fails. I tailed the logs to see if I could see any errors using `tail -f /var/log/koha/library/*.log`. On one occasion I saw an error related to `picture_upload.pl` in `/var/log/koha/library/intranet-error.log` but I can't reproduce it. In case it's relevant the error I saw once was:
[Wed Aug 31 09:55:06.665314 2022] [cgi:error] [pid 288501] [client 136.228.129.94:64313] AH01215: Use of uninitialized value $cardnumber in concatenation (.) or string at /usr/share/koha/intranet/cgi-bin/tools/picture-upload.pl line 66.: /usr/share/koha/intranet/cgi-bin/tools/picture-upload.pl, referer: https://<library url>/cgi-bin/koha/circ/circulation.pl?borrowernumber=1790
The CSRF error in the client is reproducible in up-to-date versions of Chrome on Windows and Safari on macOS so it doesn't seem to be browser or OS specific. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.