[Koha-bugs] [Bug 17427] Replace CGI::Session with Data::Session
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Oct 21 16:28:19 CEST 2016
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17427
--- Comment #8 from Martin Renvoize <martin.renvoize at ptfs-europe.com> ---
Comment on attachment 56572
--> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=56572
Bug 17427: Replace CGI::Session with Data::Session
Review of attachment 56572:
--> (https://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=17427&attachment=56572)
-----------------------------------------------------------------
Generally looks good.. minor question about using ENV though.. not sure about
that part of the change.
::: C4/Auth.pm
@@ +1111,4 @@
> $session->param( 'branchname', $branchname );
> $session->param( 'flags', $userflags );
> $session->param( 'emailaddress', $emailaddress );
> + $session->param( 'ip', $ENV{REMOTE_ADDR} );
Did we test this against plack? Can we really rely on ENV for remote_addr...
and in fact.. do we not compare the session ip to the env remote_addr in places
as a security check?
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list