I have suggested a global solution on bug 15809, please have a look. See bug 14076 for a POC. 2016-02-11 8:35 GMT+00:00 Zeno Tajoli <z.tajoli@cineca.it>:
Hi to all,
I have find a too high numbers of lines in Koha errors logs. All lines have: ... CGI::param called in list context from package main line xxx this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.
I use Debian Jessie with Koha 3.20.7. CGI.pm version is 4.09, the jessie version: https://packages.debian.org/jessie/libcgi-pm-perl
Reading this one: http://www.perlmonks.org/?node_id=1105164 and seeing this bugzilla: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14076
I go to /usr/share/perl5/CGI.pm, line 28 and I change
$LIST_CONTEXT_WARN = 1; into $LIST_CONTEXT_WARN = 0;
Now no more warings in error logs. But I don't know: 1)Is present a better way that change a core lib code ? 2)What do we do about "CGI::param called in list context ... can lead to vulnerabilities" ?
Bye Zeno Tajoli _______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/