[Koha-bugs] [Bug 9735] Choose language using URL parameters in any page
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Jun 5 18:11:38 CEST 2013
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9735
Galen Charlton <gmcharlt at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|Passed QA |Failed QA
CC| |gmcharlt at gmail.com
--- Comment #5 from Galen Charlton <gmcharlt at gmail.com> ---
Reading the code, I see an issue with how the arrayref of cookies is managed.
Specifically, consider this scenario:
[1] OPAC user starts using the catalog anonymously and builds up some recent
searches.
[2] OPAC user decides to log in. As it happens, the OPAC has been customized
so that the login form permits the user to set their preferred language via the
new language parameter.
If you trace through the code, it looks like the cookie structure that gets
returned in that case would be something like this:
[ [ $original_session_cookie, $search_cookie ], $languagecookie ]
When this arrayref-inside-arrayref structure is passed to CGI's header method,
some testing I did shows that CGI.pm doesn't flatten the list, so the header
returned would look like this:
Status: 200 OK
Set-Cookie: ARRAY(0x222ad48)
Set-Cookie: (language cookie)
Date: Wed, 05 Jun 2013 16:07:59 GMT
Pragma: no-cache
Cache-control: no-cache
Content-Type: text/html; charset=UTF-8
The end result is that the login would fail.
I admit that this example is a little contrived, but it's not beyond the realm
of possibility that somebody would want to do this.
Consequently, I'm setting this to Failed QA. Please follow up by adjusting the
code to ensure that if multiple cookies are set by get_template_and_user(),
they all come back as a flat arrayref, not a nested on.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list