[Koha-bugs] [Bug 27849] New: Koha::Token may access undefined C4::Context->userenv

Wed Mar 3 12:51:48 CET 2021

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27849

            Bug ID: 27849
           Summary: Koha::Token may access undefined C4::Context->userenv
 Change sponsored?: ---
           Product: Koha
           Version: 20.11
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5 - low
         Component: Architecture, internals, and plumbing
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: mjr at software.coop
        QA Contact: testopia at bugs.koha-community.org

The _add_default_csrf_params internal function accesses C4::Context->userenv
without checking that it has been defined. I think not all of the potential
callers of it declare that they require a defined userenv, so we should test
and provide defaults for required values if it is not defined, to avoid some
"Can't use an undefined value as a HASH reference" HTTP 500 Internal Server
Errors.

Step to Reproduce: write some code that results in that function being used
before a set_userenv call

Actual Result: error logged, code exits

Expected Result: code runs to completion

Additional Information: I am not sure whether this is currently triggered by
any released core koha code, or only a few plugins and mods. It looks to me
like a bug waiting to happen, based on the documentation, which can be avoided
simply.

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.