[Koha-devel] Master broken
Chris Cormack
chris at bigballofwax.co.nz
Sun Nov 27 09:22:47 CET 2011
2011/11/27 Frère Sébastien <semarie-koha at latrappe.fr>:
> On Sat, Nov 26, 2011 at 04:19:26PM -0500, Jared Camins-Esakov wrote:
>>
>> Can't call method "cookie" on an undefined value at /home/jcamins/k
>> ohaclone/C4/Templates.pm line 323
>>
>
> The patch (9a4e9e54f26b0c1bf69c5be1f5b0fea93134c06a / Bug 6629 : Sanitizing input from language cookie) has removed a conditional assignement to a simple assignement.
>
> C4/Templates.pm:
> - $lang = $query->cookie('KohaOpacLanguage')
> - if defined $query and $query->cookie('KohaOpacLanguage');
> + $lang = getlanguagecookie($query);
>
> And as C4::Templates::getlanguagecookie deference $query for obtain cookie information... when $query is undef, not method to call.
>
> Has a bug report created ? The patch for 6629 as introduce a new bug...
> --
New patch on 6629, it turns out InstallAuth.pm had its own
vulnerability that this error lead me to discover.
Patch addresses this error and fixes the vulnerability in the web installer
Please test and sign off
Chris
More information about the Koha-devel
mailing list