[Koha-bugs] [Bug 20804] New: Sanitize input of timeout syspref
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed May 23 07:54:55 CEST 2018
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20804
Bug ID: 20804
Summary: Sanitize input of timeout syspref
Change sponsored?: ---
Product: Koha
Version: 17.11
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5 - low
Component: System Administration
Assignee: koha-bugs at lists.koha-community.org
Reporter: pablo.bianchi at gmail.com
QA Contact: testopia at bugs.koha-community.org
CC: gmcharlt at gmail.com
I naively change timeout syspref from default "1d" to "2h". I get logout
immediatly, and after login again, at the first clic I was logged out again,
with any user, even with koha_instance.
plack-error.log
Use of uninitialized value $lasttime in numeric lt (<) at
/usr/share/koha/lib/C4/Auth.pm line 1425.
Argument "2h" isn't numeric in subtraction (-) at
/usr/share/koha/lib/C4/Auth.pm line 1425.
Argument "2h" isn't numeric in subtraction (-) at
/usr/share/koha/lib/C4/Auth.pm line 862.
I was back again with via sql update (value='1d') and flushing memcached.
I suggest:
- Don't been possible to input an invalid input on timeout (well, on any, but
for the moment on this one). m/^[0-9]*[dD]?$/
- This syspref (maybe others also) shouldn't apply to koha_instance user (God
shouldn't be able to microwave a burrito so hot he himself couldn't eat it).
Would be great 30m and 2h for minutes and hours, but that should be other bug.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list