[Koha-bugs] [Bug 15747] Auth.pm flooding error log with "CGI::param called in list context"
bugzilla-daemon at bugs.koha-community.org
Wed Feb 17 00:30:16 CET 2016
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15747
--- Comment #21 from David Cook <dcook at prosentient.com.au> ---
(In reply to Jonathan Druart from comment #20)
> (In reply to David Cook from comment #18)
> > I'm using "my @param_names = CGI->param()" elsewhere and it doesn't generate warnings.
>
> Yes it does.
No, it doesn't. Here's the evidence:
cat test.pl && perl test.pl
use Modern::Perl;
use CGI;
use Data::Dumper;
my $query = CGI->new();
$query->param('name',"bruce","wayne","clark","kent");
my @name = $query->param();
say Dumper(\@name);
$VAR1 = [
'name'
];
--
cat test.pl && perl test.pl
use Modern::Perl;
use CGI;
use Data::Dumper;
my $query = CGI->new();
$query->param('name',"bruce","wayne","clark","kent");
my @name = $query->param("name");
say Dumper(\@name);
CGI::param called in list context from package main line 8, this can lead to
vulnerabilities. See the warning in "Fetching the value or values of a single
named parameter" at /usr/lib/perl5/site_perl/5.20.1/CGI.pm line 437.
$VAR1 = [
'bruce',
'wayne',
'clark',
'kent'
];
--
As you can observe in the warning itself, the warning is for "Fetching the
value or values of a single named parameter". In the case of
'$query->param("name")', we're fetching the value of a single named parameter.
In the case of '$query->param()', we're fetching the names of all the
parameters. It's completely different.
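The call forms compared in the comment above, plus the two forms that fetch a single named parameter without the warning, as an added example that is not part of the original message or of Koha's code. It assumes a CGI.pm release that provides multi_param and the list-context warning; the query string and the probe helper are constructed for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use CGI;

# Constructed sample request: one parameter carrying several values.
my $q = CGI->new('name=bruce&name=wayne&name=clark&name=kent');

# Hypothetical helper: run one call form in list context and return
# (number of warnings raised, values returned).
sub probe {
    my ($code) = @_;
    my @warnings;
    local $SIG{__WARN__} = sub { push @warnings, @_ };
    # Put the switch back to its default (1 = warn) so that each call
    # form is measured independently of the ones run before it.
    local $CGI::LIST_CONTEXT_WARN = 1;
    my @got = $code->();
    return (scalar @warnings, @got);
}

my @forms = (
    # No argument: returns parameter NAMES, not values.
    [ 'param()'                => sub { $q->param() } ],
    # Named parameter in list context: the form the warning is about.
    [ 'param("name") as list'  => sub { $q->param('name') } ],
    # Named parameter forced to scalar context: first value only.
    [ 'scalar param("name")'   => sub { scalar $q->param('name') } ],
    # Explicit request for every value of a named parameter.
    [ 'multi_param("name")'    => sub { $q->multi_param('name') } ],
);

for my $form (@forms) {
    my ($label, $code) = @$form;
    my ($count, @got) = probe($code);
    printf "%-24s warnings=%d returned=(%s)\n",
        $label, $count, join(', ', @got);
}
```

Code that needs exactly one value can use the scalar form, and code that really wants all values can say so with multi_param; both keep the error log quiet without turning the warning off globally.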