[Bug 15809] New: versions of CGI < 4.08 do not have multi_param
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 Bug ID: 15809 Summary: versions of CGI < 4.08 do not have multi_param Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: ASSIGNED Severity: normal Priority: P5 - low Component: Architecture, internals, and plumbing Assignee: jonathan.druart@bugs.koha-community.org Reporter: jonathan.druart@bugs.koha-community.org QA Contact: testopia@bugs.koha-community.org On debian Jessie, the CGI version is >= 4.08 Since this version, the param method raise a warning "CGI::param called in list context". Indeed, it can cause vulnerability if called in list context https://metacpan.org/pod/CGI#Fetching-the-value-or-values-of-a-single-named-... http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applicat... There is a long journey to get rid of these warnings. First I suggest to redefine the multi_param method when the CGI version installed is < 4.08, it will allow us to move the wrong ->param calls to ->multi_param without waiting for everybody to upgrade. The different ways to call these 2 methods are: my $foo = $cgi->param('foo'); # OK my @foo = $cgi->param('foo'); # NOK, will raise the warning my @foo = $cgi->multi_param('foo'); #OK $template->param( foo => $cgi->param('foo') ); # NOK, will raise the warning and vulnerable $template->param( foo => scalar $cgi->param('foo') ); # OK -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |15747 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15747 [Bug 15747] Auth.pm flooding error log with "CGI::param called in list context" -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |14076 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14076 [Bug 14076] Noisy warns in opac-authorities-home.pl -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 --- Comment #1 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Created attachment 47964 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=47964&action=edit Bug 15809: Redefine multi_param is CGI < 4.08 is used On debian Jessie, the CGI version is >= 4.08 Since this version, the param method raise a warning "CGI::param called in list context". Indeed, it can cause vulnerability if called in list context https://metacpan.org/pod/CGI#Fetching-the-value-or-values-of-a-single-named-... http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applicat... There is a long journey to get rid of these warnings. First I suggest to redefine the multi_param method when the CGI version installed is < 4.08, it will allow us to move the wrong ->param calls to ->multi_param without waiting for everybody to upgrade. The different ways to call these 2 methods are: my $foo = $cgi->param('foo'); # OK my @foo = $cgi->param('foo'); # NOK, will raise the warning my @foo = $cgi->multi_param('foo'); #OK $template->param( foo => $cgi->param('foo') ); # NOK, will raise the warning # and vulnerable $template->param( foo => scalar $cgi->param('foo') ); # OK -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #47964|0 |1 is obsolete| | --- Comment #2 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Created attachment 47965 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=47965&action=edit Bug 15809: Redefine multi_param is CGI < 4.08 is used On debian Jessie, the CGI version is >= 4.08 Since this version, the param method raise a warning "CGI::param called in list context". Indeed, it can cause vulnerability if called in list context https://metacpan.org/pod/CGI#Fetching-the-value-or-values-of-a-single-named-... http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applicat... There is a long journey to get rid of these warnings. First I suggest to redefine the multi_param method when the CGI version installed is < 4.08, it will allow us to move the wrong ->param calls to ->multi_param without waiting for everybody to upgrade. The different ways to call these 2 methods are: my $foo = $cgi->param('foo'); # OK my @foo = $cgi->param('foo'); # NOK, will raise the warning my @foo = $cgi->multi_param('foo'); #OK $template->param( foo => $cgi->param('foo') ); # NOK, will raise the warning # and vulnerable $template->param( foo => scalar $cgi->param('foo') ); # OK -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |In Discussion -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 Jacek Ablewicz <abl@biblos.pk.edu.pl> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |abl@biblos.pk.edu.pl -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=15810 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |m.de.rooy@rijksmuseum.nl -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 M. Tompsett <mtompset@hotmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #47965|0 |1 is obsolete| | --- Comment #3 from M. Tompsett <mtompset@hotmail.com> --- Created attachment 48046 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=48046&action=edit [SIGNED-OFF] Bug 15809: Redefine multi_param is CGI < 4.08 is used On debian Jessie, the CGI version is >= 4.08 Since this version, the param method raise a warning "CGI::param called in list context". Indeed, it can cause vulnerability if called in list context https://metacpan.org/pod/CGI#Fetching-the-value-or-values-of-a-single-named-... http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applicat... There is a long journey to get rid of these warnings. First I suggest to redefine the multi_param method when the CGI version installed is < 4.08, it will allow us to move the wrong ->param calls to ->multi_param without waiting for everybody to upgrade. The different ways to call these 2 methods are: my $foo = $cgi->param('foo'); # OK my @foo = $cgi->param('foo'); # NOK, will raise the warning my @foo = $cgi->multi_param('foo'); #OK $template->param( foo => $cgi->param('foo') ); # NOK, will raise the warning # and vulnerable $template->param( foo => scalar $cgi->param('foo') ); # OK NOTE: Tested in conjuction of bug 14076. Signed-off-by: Mark Tompsett <mtompset@hotmail.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 M. Tompsett <mtompset@hotmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mtompset@hotmail.com Status|In Discussion |Signed Off --- Comment #4 from M. Tompsett <mtompset@hotmail.com> --- This works well in solving the sample case in bug 14076. At some point in the future (2+ years), perhaps we'll up the required CGI version, such that multi_param will be included, and we can remove this code. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Failed QA QA Contact|testopia@bugs.koha-communit |m.de.rooy@rijksmuseum.nl |y.org | --- Comment #5 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- I am having the impression that we do not completely tackle the problem (read vulnerability given) here. Because just switching param to multi_param (without looking to the context) does not really solve it. You only suppress the warning. We could still be vulnerable with calls like: my $hash = { a => multi_param('b'), c => 'd' ) If multi_param b returns ( b1, b2, b3), your hash is 'injected' with b2 => b3, just the same as param b would have done. So we should check (before or after this patch) if we are calling params in a hash context. If so, prepend with scalar. Redefining methods/routines for lower versions of a module is not the most elegant solution (from QA perspective). If we could prevent doing so, we should. Since we do not need to add calls to multi_param yet and we do not address the actual vulnerability in this patch, I would propose to not add this redefinition. We should concentrate on the calls to param in a hash context and scalarize them. (The warnings in the log show us where these calls are.) Failed QA I will also ask for another (QA) opinion on the dev list. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 --- Comment #6 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Still we have the other situation that we do want multiple values: my @a = param( 'b' ); Should this actually be solved in CGI? It generates a lot of false warnings. For reasons of compatibility param cannot just return a scalar. Would it be simpler to only clear $CGI::LIST_CONTEXT_WARN for individual cases? -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 --- Comment #7 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- (In reply to Marcel de Rooy from comment #5)
I am having the impression that we do not completely tackle the problem (read vulnerability given) here. Because just switching param to multi_param (without looking to the context) does not really solve it. You only suppress the warning.
Yes of course, but we are now aware of this problem, and it's the QA's job to catch them if they are wrongly used.
Redefining methods/routines for lower versions of a module is not the most elegant solution (from QA perspective). If we could prevent doing so, we should. Since we do not need to add calls to multi_param yet and we do not address the actual vulnerability in this patch, I would propose to not add this redefinition. We should concentrate on the calls to param in a hash context and scalarize them. (The warnings in the log show us where these calls are.)
The goal was to remove the warnings for production installs using CGI < 4.08. As a developer, I am using > 4.08 and will see the warnings in my logs. (In reply to Marcel de Rooy from comment #6)
Still we have the other situation that we do want multiple values: my @a = param( 'b' );
Should this actually be solved in CGI? It generates a lot of false warnings. For reasons of compatibility param cannot just return a scalar.
How do you want to fix that, I don't think I understand what you meant here.
Would it be simpler to only clear $CGI::LIST_CONTEXT_WARN for individual cases?
I don't think so, developers won't see the warnings, we should keep them to know where the issues could come from. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 --- Comment #8 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to Jonathan Druart from comment #7)
The goal was to remove the warnings for production installs using CGI < 4.08. As a developer, I am using > 4.08 and will see the warnings in my logs.
Older CGI versions do not have this warning. I am not sure about the exact version, but it could well be that the introduction of multi_param also added this warning. How does your solution differentiate production from other installs? -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 --- Comment #9 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- (In reply to Marcel de Rooy from comment #8)
(In reply to Jonathan Druart from comment #7)
The goal was to remove the warnings for production installs using CGI < 4.08. As a developer, I am using > 4.08 and will see the warnings in my logs.
Older CGI versions do not have this warning. I am not sure about the exact version, but it could well be that the introduction of multi_param also added this warning.
You might be right. In this case, we could remove $CGI::LIST_CONTEXT_WARN = 0; from the patch.
How does your solution differentiate production from other installs?
It does not -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 Galen Charlton <gmcharlt@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |gmcharlt@gmail.com --- Comment #10 from Galen Charlton <gmcharlt@gmail.com> --- So, ->param() starts displaying warnings when evaluated in list context as of CGI.pm 4.05. ->multi_param() was added in 4.08 as a way of saying "I really want multiple parameter values, don't make me do { $CGI::LIST_CONTEXT_WARN = 0; @f = $q->param('foo'); } just to quell the warning." To deal with the most common exploit scenario, "git grep '=>.*->param'" turns up ~270 cases where we most likely *don't* want multi_param(); rather, we want to wrap ->param in scalar(...). I think that should be the first priority. "git grep '@.*->param'" turns up 332 places in 120 files where a parameter is intentionally being fed into a list. I'm not keen about monkey-patching a core module, though I recognize the expediency of it; but if we go that route so that we can start using ->multi_param() across the board, I think we *shouldn't* set $CGI::LIST_CONTEXT_WARN. An alternative would be adding a bunch of "local $CGI::LIST_CONTEXT_WARN = 0;" and making a note to ourselves to replace that with ->multi_param() once we're past the point where stable Linux distros ship CGI.pm older than 4.08. We could also do it like this: Change: @f = $cgi->param('foo'); To: @f = Koha::CGI::multi_param($cgi, 'foo'); where Koha::CGI::multi_param looks something like this: sub multi_param { my ($cgi, $param) = @_; local $CGI::LIST_CONTEXT_WARN = 0; return $cgi->param($param); } That way, we're not monkey-patching a core module and we get something that we can mechanically translate to $cgi->multi_param once we're assured of having a recent enough version of CGI.pm. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 --- Comment #11 from Galen Charlton <gmcharlt@gmail.com> --- Yet another way to do it would be to make Koha::CGI be a full (but thin) OO wrapper around CGI.pm. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 --- Comment #12 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- (In reply to Galen Charlton from comment #10) I totally agree with the "what to do next" part, but what about now? My patch seems to match your requirements. It could be very easy and quick to replace the different occurrences. I would like to avoid a temporary solution. Even if we need one, something different than "FIXME bug 2505" would be better ;) Defining the CGi->multi_param method for < 4.08 and use CGI->param instead looks, to me, the easiest and cleanest solution. We will just need to remove it when >= 4.08 will be widely used. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 --- Comment #13 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to Jonathan Druart from comment #12)
(In reply to Galen Charlton from comment #10)
I totally agree with the "what to do next" part, but what about now? My patch seems to match your requirements.
Jonathan, I am reading: "I am not keen about monkey patching a core module", which imo does not seem to translate to "match your requirements" :) I would not opt for a complete Koha::CGI at this point. But I would (slightly) prefer the Koha::CGI::multi_param above "*CGI::multi_param = \&CGI::param". It will make any developer immediately aware of our "interception". The switchover to the real multi_param at some point in time will be completely painless. Also note the different handling of the LIST_CONTEXT_WARN var.
It could be very easy and quick to replace the different occurrences. I would like to avoid a temporary solution. Even if we need one, something different than "FIXME bug 2505" would be better ;) Agreed, altough some code is temporary in any solution for now.
-- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 --- Comment #14 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- (In reply to Marcel de Rooy from comment #13)
(In reply to Jonathan Druart from comment #12)
(In reply to Galen Charlton from comment #10)
I totally agree with the "what to do next" part, but what about now? My patch seems to match your requirements.
Jonathan, I am reading: "I am not keen about monkey patching a core module", which imo does not seem to translate to "match your requirements" :)
Sorry, I thought Galen was talking about patching CGI (solution suggested on the ML).
I would not opt for a complete Koha::CGI at this point. But I would (slightly) prefer the Koha::CGI::multi_param above "*CGI::multi_param = \&CGI::param". It will make any developer immediately aware of our "interception". The switchover to the real multi_param at some point in time will be completely painless.
Also note the different handling of the LIST_CONTEXT_WARN var.
Is anyone ready to submit a counter-patch? -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|15747 | See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=15747 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15747 [Bug 15747] Auth.pm flooding error log with "CGI::param called in list context" -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 --- Comment #15 from Galen Charlton <gmcharlt@gmail.com> --- (In reply to Marcel de Rooy from comment #13)
Jonathan, I am reading: "I am not keen about monkey patching a core module", which imo does not seem to translate to "match your requirements" :) I would not opt for a complete Koha::CGI at this point. But I would (slightly) prefer the Koha::CGI::multi_param above "*CGI::multi_param = \&CGI::param". It will make any developer immediately aware of our "interception". The switchover to the real multi_param at some point in time will be completely painless.
Indeed, Marcel has correctly identified what I was trying to say -- I meant "core module" in the sense of a module typically distributed with Perl, not a Koha module. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 --- Comment #16 from Galen Charlton <gmcharlt@gmail.com> --- (In reply to Jonathan Druart from comment #14)
Is anyone ready to submit a counter-patch?
Working on one that is intended to actually fix at least some of the potential vulnerabilities. I feel that this bug's title is not ideal, as the focus should be on resolving potential misuse of CGI parameters, not merely on quelling noisy warnings in the logs. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 --- Comment #17 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- (In reply to Galen Charlton from comment #16)
(In reply to Jonathan Druart from comment #14)
Is anyone ready to submit a counter-patch?
Working on one that is intended to actually fix at least some of the potential vulnerabilities. I feel that this bug's title is not ideal, as the focus should be on resolving potential misuse of CGI parameters, not merely on quelling noisy warnings in the logs.
The purpose of this first patch was to provide a quick fix to allow the use of multi_param anywhere else. The second step will be to get rid of the misuses of CGI->param -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 MJ Ray (software.coop) <mjr@software.coop> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mjr@software.coop --- Comment #18 from MJ Ray (software.coop) <mjr@software.coop> --- I think it's best to review and amend the param calls if there's only 332 as Galen suggests. We did many more when facing the first SQL injection problem. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 --- Comment #19 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- I really would like to move forward here to provide the next patch... -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 --- Comment #20 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to Galen Charlton from comment #16)
Working on one that is intended to actually fix at least some of the potential vulnerabilities. I feel that this bug's title is not ideal, as the focus should be on resolving potential misuse of CGI parameters, not merely on quelling noisy warnings in the logs.
Could you tell us along what lines you are doing that, and when you plan to submit? Based on that, we can decide if this patch in some form can be pushed in advance.. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Failed QA |Passed QA Patch complexity|--- |Small patch -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 --- Comment #21 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 49300 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=49300&action=edit Bug 15809: Redefine multi_param is CGI < 4.08 is used On debian Jessie, the CGI version is >= 4.08 Since this version, the param method raise a warning "CGI::param called in list context". Indeed, it can cause vulnerability if called in list context https://metacpan.org/pod/CGI#Fetching-the-value-or-values-of-a-single-named-... http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applicat... There is a long journey to get rid of these warnings. First I suggest to redefine the multi_param method when the CGI version installed is < 4.08, it will allow us to move the wrong ->param calls to ->multi_param without waiting for everybody to upgrade. The different ways to call these 2 methods are: my $foo = $cgi->param('foo'); # OK my @foo = $cgi->param('foo'); # NOK, will raise the warning my @foo = $cgi->multi_param('foo'); #OK $template->param( foo => $cgi->param('foo') ); # NOK, will raise the warning # and vulnerable $template->param( foo => scalar $cgi->param('foo') ); # OK Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Tested a call to multi_param with CGI < 4.08. With reference to the comments on Bugzilla, this workaround is arguable, but provides a base to move to multi_param. If we come up with a better solution, it should be easy to adjust. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 --- Comment #22 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- QA Comment: With reference to the discussion above, I am moving the status to PQA. This workaround is arguable however. Note that Galen was working on a solution too, but did not yet reply. In the meantime we could use this, if the RM agrees too. Also note that this workaround depends on C4::Context. We have some scripts and tests using CGI without Context (or perhaps implicit). It might be safer too to put the multi_param redefinition outside the if ($ENV{'HTTP_USER_AGENT'}) block? The nature of this change makes that adding multi_param in some special places could lead to undefined subroutine errors in older production systems while developers do not catch it on newer systems. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 Brendan Gallagher <brendan@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |brendan@bywatersolutions.co | |m Attachment #48046|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 Brendan Gallagher <brendan@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Pushed to Master --- Comment #23 from Brendan Gallagher <brendan@bywatersolutions.com> --- Pushed to Master - Should be in the May 2016 release. Thanks! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |16154 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16154 [Bug 16154] Replace CGI->param with CGI->multi_param in list context -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 --- Comment #24 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- The job is going to continue on bug 16154. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 Julian Maurice <julian.maurice@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |julian.maurice@biblibre.com Status|Pushed to Master |Pushed to Stable --- Comment #25 from Julian Maurice <julian.maurice@biblibre.com> --- Patch pushed to 3.22.x, will be in 3.22.6 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 Owen Leonard <oleonard@myacpl.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |16259 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16259 [Bug 16259] More: Replace CGI->param with CGI->multi_param in list context -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 Frédéric Demians <frederic@tamil.fr> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |frederic@tamil.fr --- Comment #26 from Frédéric Demians <frederic@tamil.fr> --- Pushed to 3.22.x, will be in 3.20.11. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |16476 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=16645 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 Fridolin SOMERS <fridolin.somers@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |16645 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16645 [Bug 16645] Plack: Add the multi_param fix from Context in koha.psgi -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 Fridolin SOMERS <fridolin.somers@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also|https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=16645 | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=16864 -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org