[Koha-bugs] [Bug 27916] Fee paid message can crash SIP server if paying fee that is not "renewable"

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Thu Mar 25 12:17:48 CET 2021 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27916

Martin Renvoize <martin.renvoize at ptfs-europe.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #118024|0                           |1
        is obsolete|                            |

--- Comment #3 from Martin Renvoize <martin.renvoize at ptfs-europe.com> ---
Created attachment 118779
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=118779&action=edit
Bug 27916: Fee paid message can crash SIP server if paying fee that is not
"renewable"

I'm not entirely sure how this is possible, but I've confirmed my fix works on
two separate occasions.

In the Koha::Account::pay, if a fine is "renewable" ( as determined by the
method "renewable" the response to from the method "renew_item" is stored and
returned by by pay().

Later in C4::SIP::Sip::MsgType::handle_fee_paid we assume that each element of
the list in $pay_response->{renew_result} is a hashref that had an itemnumber.
This is not true. We need to check for the itemnumber and then the item. If
either do not exist, the SIP server will crash without responding.

My suspicion is that this is caused by Koha::Account::Line::renewable returning
true while the corrosponding call to renew_item contains a simple "return;"
statement if RenewAccruingItemWhenPaid is not enabled ( or there is not related
item or patron ).

What happens here, at least for Bibliotheca self checks is that the machine
will take payment, and send the fee paid to Koha via SIP. When Koha's SIP
crashes and doesn't return a response, the self check machine will refund the
money to the patron, *but* the payment still exists in Koha! Considering
payments may be in the tens or even hundreds of dollars, this makes for a
critical SIP bug.

I have been unable to recreate this bug on demand. So the test plan is:
1) Inspect the changes in the patch
2) Note that they make sense and prevent the SIP server from crashing
   if the itemnumber key has no data or the item is not found

Signed-off-by: Martin Renvoize <martin.renvoize at ptfs-europe.com>

-- 
You are receiving this mail because:
You are watching all bug changes.

More information about the Koha-bugs mailing list